CVE-2019-12181 – Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Existe una vulnerabilidad de escalado de privilegios en SolarWinds Serv-U en versiones anteriores a la 15.1.7 para Linux. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47009 https://www.exploit-db.com/exploits/47072 https://www.exploit-db.com/exploits/47173 https://github.com/mavlevin/CVE-2019-12181 http://packetstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.html http://packetstormsecurity.com/files/153505/Serv-U-FTP-Server-prepareinstallation-Privilege-Escalation.html https://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.html https://documentation.solarwinds.com/en/success_c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-19999 – Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-19999
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session. La interfaz de administración local en SolarWinds Serv-U FTP Server versión 15.1.6.25, presenta controles de acceso incorrectos que permiten a los usuarios locales omitir la autenticación en la aplicación y ejecutar código en el contexto de la cuenta SYSTEM de Windows, lo que conlleva a la escalada de privilegios. Para explotar esta vulnerabilidad, un atacante debe tener acceso local al host que ejecuta Serv-U, y un administrador de Serv-U presenta una sesión de consola administrativa activa. Serv-U FTP Server version 15.1.6.25 suffers from a local privilege escalation vulnerability via authentication bypass. • https://seclists.org/fulldisclosure/2019/May/46 https://www.themissinglink.com.au/security-advisories-cve-2018-19999 • CWE-287: Improper Authentication •
CVE-2018-19934 – SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19934
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. SolarWinds Serv-U FTP Server 15.1.6.25 tiene Cross-Site Scripting (XSS) reflejado en la interfaz de gestión web en la interfaz de gestión web mediante una ruta de URL y un parámetro HTTP POST. SolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/5 https://www.themissinglink.com.au/security-advisories-cve-2018-19934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-15906 – SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15906
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. SolarWinds Serv-U FTP Server 15.1.6 permite que usuarios remotos autenticados ejecuten código arbitrario aprovechando la característica de importación y modificando un archivo CSV. SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation. • http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Feb/4 http://www.securityfocus.com/bid/106844 •
CVE-2018-10241
https://notcve.org/view.php?id=CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. Una vulnerabilidad de denegación de servicio (DoS) en SolarWinds Serv-U en versiones anteriores a la 15.1.6 HFv1 permite que un usuario autenticado provoque el cierre inesperado de la aplicación (con una desreferencia de puntero NULL) mediante una URL especialmente manipulada que comienza con la subcadena /Web%20Client/. • https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-denial-of-service • CWE-476: NULL Pointer Dereference •