CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-22428
https://notcve.org/view.php?id=CVE-2020-22428
05 May 2021 — SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. SolarWinds Serv-U versiones anteriores a 15.1.6 Hotfix 3, está afectado por Cross Site Scripting (XSS) por medio de un nombre de directorio (ingresado por un administrador) que contiene una carga útil de JavaScript • https://github.com/matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 0CVE-2020-15541
https://notcve.org/view.php?id=CVE-2020-15541
05 Jul 2020 — SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, permite una ejecución de comandos remota • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2020-15543
https://notcve.org/view.php?id=CVE-2020-15543
05 Jul 2020 — SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, no comprueba una ruta de argumento • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2020-15542
https://notcve.org/view.php?id=CVE-2020-15542
05 Jul 2020 — SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, maneja inapropiadamente el comando CHMOD • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVSS: 5.4EPSS: 1%CPEs: 1EXPL: 2CVE-2019-19829 – Serv-U FTP Server 15.1.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19829
17 Dec 2019 — A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en SolarWinds Serv-U FTP Server versión 15.1.7 en el parámetro email, una vulnerabilidad diferente de CVE-2018-19934 y CVE-2019-13182. Serv-U FTP Server version 15.1.7 suffers from a persistent cross site scripting vulnerability leveraging the Email parameter. • https://packetstorm.news/files/id/155708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-13181 – Serv-U FTP Server 15.1.7 CSV Injection
https://notcve.org/view.php?id=CVE-2019-13181
16 Dec 2019 — A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. Se presenta una vulnerabilidad de inyección CSV en la Interfaz de Usuario web de SolarWinds Serv-U FTP Server versión v15.1.7. Serv-U FTP Server version 15.1.7 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/155673 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 1CVE-2019-13182 – Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13182
16 Dec 2019 — A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la Interfaz de Usuario web de SolarWinds Serv-U FTP versión 15.1.7. Serv-U FTP Server version 15.1.7 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/155672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 51%CPEs: 2EXPL: 8CVE-2019-12181 – Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12181
17 Jun 2019 — A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Existe una vulnerabilidad de escalado de privilegios en SolarWinds Serv-U en versiones anteriores a la 15.1.7 para Linux. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. • https://packetstorm.news/files/id/153333 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19999 – Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-19999
30 May 2019 — The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session. La interfaz de administración local en SolarWinds Serv-U FTP Server versión 15.1... • https://packetstorm.news/files/id/153128 • CWE-287: Improper Authentication •
CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 2CVE-2018-19934 – SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19934
02 Feb 2019 — SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. SolarWinds Serv-U FTP Server 15.1.6.25 tiene Cross-Site Scripting (XSS) reflejado en la interfaz de gestión web en la interfaz de gestión web mediante una ruta de URL y un parámetro HTTP POST. SolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/151474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •