CVE-2020-22428
https://notcve.org/view.php?id=CVE-2020-22428
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. SolarWinds Serv-U versiones anteriores a 15.1.6 Hotfix 3, está afectado por Cross Site Scripting (XSS) por medio de un nombre de directorio (ingresado por un administrador) que contiene una carga útil de JavaScript • https://github.com/matrix https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US https://twitter.com/gm4tr1x https://www.linkedin.com/in/gabrielegristina • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15541
https://notcve.org/view.php?id=CVE-2020-15541
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, permite una ejecución de comandos remota • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2020-15543
https://notcve.org/view.php?id=CVE-2020-15543
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, no comprueba una ruta de argumento • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-20: Improper Input Validation •
CVE-2020-15542
https://notcve.org/view.php?id=CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, maneja inapropiadamente el comando CHMOD • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2019-19829 – Serv-U FTP Server 15.1.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19829
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en SolarWinds Serv-U FTP Server versión 15.1.7 en el parámetro email, una vulnerabilidad diferente de CVE-2018-19934 y CVE-2019-13182. Serv-U FTP Server version 15.1.7 suffers from a persistent cross site scripting vulnerability leveraging the Email parameter. • http://packetstormsecurity.com/files/155708/Serv-U-FTP-Server-15.1.7-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •