CVE-2020-22428
https://notcve.org/view.php?id=CVE-2020-22428
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. SolarWinds Serv-U versiones anteriores a 15.1.6 Hotfix 3, está afectado por Cross Site Scripting (XSS) por medio de un nombre de directorio (ingresado por un administrador) que contiene una carga útil de JavaScript • https://github.com/matrix https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US https://twitter.com/gm4tr1x https://www.linkedin.com/in/gabrielegristina • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15541
https://notcve.org/view.php?id=CVE-2020-15541
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, permite una ejecución de comandos remota • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2020-15543
https://notcve.org/view.php?id=CVE-2020-15543
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, no comprueba una ruta de argumento • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-20: Improper Input Validation •
CVE-2020-15542
https://notcve.org/view.php?id=CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, maneja inapropiadamente el comando CHMOD • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVE-2019-12181 – Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Existe una vulnerabilidad de escalado de privilegios en SolarWinds Serv-U en versiones anteriores a la 15.1.7 para Linux. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47009 https://www.exploit-db.com/exploits/47072 https://www.exploit-db.com/exploits/47173 https://github.com/mavlevin/CVE-2019-12181 http://packetstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.html http://packetstormsecurity.com/files/153505/Serv-U-FTP-Server-prepareinstallation-Privilege-Escalation.html https://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.html https://documentation.solarwinds.com/en/success_c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •