CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25179
https://notcve.org/view.php?id=CVE-2021-25179
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. SolarWinds Serv-U versiones anteriores a 15.2, está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del encabezado HTTP Host • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm https://github.com/matrix https://twitter.com/gm4tr1x https://www.linkedin.com/in/gabrielegristina • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 89EXPL: 3CVE-2011-4800 – Serv-U FTP Server - Jail Break
https://notcve.org/view.php?id=CVE-2011-4800
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. Vulnerabilidad de salto de directorio en Serv-U FTP Server antes de v11.1.0.5 permite a usuarios autenticados remotamente leer y escribir archivos de su elección y listar y crear directorios de su elección a través de "..:/" (punto punto dos puntos barra oblicua) en los comandos (1) list, (2) put, o (3) get. • https://www.exploit-db.com/exploits/18182 http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html http://secunia.com/advisories/47021 http://www.exploit-db.com/exploits/18182 http://www.serv-u.com/releasenotes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •