Search criteria
60 vulnerabilities found for serv-u_file_server by solarwinds
FKIE_CVE-2021-25179
Vulnerability from fkie_nvd - Published: 2021-05-05 03:15 - Updated: 2024-11-21 05:54
Severity ?
Summary
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/matrix | Not Applicable, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/gm4tr1x | Third Party Advisory | |
| cve@mitre.org | https://www.linkedin.com/in/gabrielegristina | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matrix | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/gm4tr1x | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.linkedin.com/in/gabrielegristina | Permissions Required, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1CF4B3-08F1-459F-B1F4-8501F252EC23",
"versionEndExcluding": "15.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
},
{
"lang": "es",
"value": "SolarWinds Serv-U versiones anteriores a 15.2, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del encabezado HTTP Host"
}
],
"id": "CVE-2021-25179",
"lastModified": "2024-11-21T05:54:30.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-05T03:15:07.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/matrix"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/matrix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4800
Vulnerability from fkie_nvd - Published: 2011-12-14 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49FF0AF9-2176-423E-88CB-C2C8CC0EBF09",
"versionEndIncluding": "11.1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E248012-E5EE-4975-8E3B-A05FC5FA4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C8B779-67D3-43B5-B8F2-C460D5C5906D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4E2E43-42CC-451E-8F49-E5E6E72D90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D24DD045-751C-4CAA-BDD5-0511FD245651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C70A91-550A-4441-8468-A41759D438DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A34FD62-EC28-4B66-9BCA-44468C87DA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7075F-5C0B-40F9-B391-10AECE849B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6C7FD-77EA-40F2-A9C9-235B4B0757EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71798A-C0F4-442F-8B8E-D590FCDAB707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EC2A0C-DFD1-4ED7-B59B-9FBB658AC93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "087D548D-384E-4B7C-8FB2-EC9F9F255EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D950E25-71ED-492A-A7D9-F332C2989965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC21E151-25BD-46C3-95C0-D97FB31207A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE52A0-58FB-41FD-8BC2-410FB0A96A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1D9E67-F528-412F-94D1-BC245E1A9786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA09ADC-E1F7-4A89-ABD5-52657430DF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8A3AA1-CC80-40AD-B57D-E86FE515C4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "141C2C7B-2CD7-4B62-85AC-92209DDB9CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34BB423C-D0B6-4C65-A30F-463F492E2526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F380EA4C-18AC-4588-9B51-0D8E81CE84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CC8AA7-81CB-489C-92F1-FDF61A14B068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3C9B47-2FB0-4767-8807-4C90FD6BB5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A59F34EF-468F-4710-8379-745FFEDC35ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D82C854-26F6-4689-85B0-81B8C782A52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD26411-E8AC-4595-8C86-DD4D207A6605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C56D1-177A-4A85-8373-2DA0287A5B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2343B0-9C25-443D-8C93-07101C140B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701EEB9F-B88C-4993-9728-25AD3152D53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3965B8F-63E1-4195-B7DA-2AF96DCE3AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97BB8E-1B25-4328-8DA2-5BFC6E54EEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B213209D-AA7C-484B-94C2-686EC7A4B15F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF4F655-3FBC-4865-842F-DEBF579A2A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1151B-1336-4710-9F5F-792DCBB9AAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D528E60-B44B-4E58-AD27-0308D4F32CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D38BD7-0E03-4495-85C3-599EB8190DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C920D01C-1AC6-4217-A3B3-5118F024CDE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CB0EF0-D2BB-40D4-9818-99EB22B206F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "BE664A58-12B1-4669-9BA8-D3D1EF588EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF60A40-3D34-4BFE-86C0-EEE115CA2565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A451E107-FAD5-4C5F-B4ED-ACCF6BDBBB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:10.5.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2698C9-4053-47FA-A604-708B912A3BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5081EC-13D8-427C-8C0E-D061D0C01A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "747B2BC9-77B9-41FF-966D-0FE311875020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7825A1DA-682C-443E-B0E0-01B80DD874A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:11.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3E6768-CDF9-49F3-913F-9B4E0DDE14AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Serv-U FTP Server antes de v11.1.0.5 permite a usuarios autenticados remotamente leer y escribir archivos de su elecci\u00f3n y listar y crear directorios de su elecci\u00f3n a trav\u00e9s de \"..:/\" (punto punto dos puntos barra oblicua) en los comandos (1) list, (2) put, o (3) get."
}
],
"id": "CVE-2011-4800",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-14T00:55:02.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47021"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18182"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4815
Vulnerability from fkie_nvd - Published: 2010-04-27 15:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB703F7-4806-4E3F-850E-ACC127892899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F784-86CB-46FC-97FB-1F43F140C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0AF9-48FA-41C4-A109-4A3284A721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "397E88A4-9E82-4818-B176-1C049993F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD649F-E290-4E8E-B61F-3950A2157938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51BE6EDE-C7BC-4730-9602-160A027D8F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE0A612-CF94-4DBE-808C-AE4CA9DD2C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F20066E0-BAE8-462F-86B5-A39DDB5D11C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B460EA-F742-4524-B213-BF92ABF82ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E646B1A-167C-4DB6-84C1-77B071AC605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF068DF2-7298-4648-BA80-06321599E723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3B340-C416-421D-9616-C4ACB59E05A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADBC6BB-BF83-4BC0-88FC-4D6E929B7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5175168C-D623-49AE-9BB6-9DAF8B7C5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735F7214-91B5-4BDF-8F98-52249A22AE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E248012-E5EE-4975-8E3B-A05FC5FA4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C8B779-67D3-43B5-B8F2-C460D5C5906D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4E2E43-42CC-451E-8F49-E5E6E72D90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D24DD045-751C-4CAA-BDD5-0511FD245651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C70A91-550A-4441-8468-A41759D438DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A34FD62-EC28-4B66-9BCA-44468C87DA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7075F-5C0B-40F9-B391-10AECE849B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6C7FD-77EA-40F2-A9C9-235B4B0757EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71798A-C0F4-442F-8B8E-D590FCDAB707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EC2A0C-DFD1-4ED7-B59B-9FBB658AC93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "087D548D-384E-4B7C-8FB2-EC9F9F255EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D950E25-71ED-492A-A7D9-F332C2989965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC21E151-25BD-46C3-95C0-D97FB31207A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE52A0-58FB-41FD-8BC2-410FB0A96A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1D9E67-F528-412F-94D1-BC245E1A9786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA09ADC-E1F7-4A89-ABD5-52657430DF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8A3AA1-CC80-40AD-B57D-E86FE515C4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "141C2C7B-2CD7-4B62-85AC-92209DDB9CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34BB423C-D0B6-4C65-A30F-463F492E2526",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Serv-U en versiones anteriores a la 9.2.0.1 permite a atacantes remotos autenticados leer ficheros de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4815",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-27T15:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4006
Vulnerability from fkie_nvd - Published: 2009-11-20 11:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el algoritmo de decodificaci\u00f3n TEA en servidor FTP Serv-U de RhinoSoft versiones 7.0.0.1, 9.0.0.5 y otras versiones anteriores a 9.1.0.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena hexadecimal larga."
}
],
"id": "CVE-2009-4006",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-20T11:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37228"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/60427"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/60427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3655
Vulnerability from fkie_nvd - Published: 2009-10-09 14:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 | |
| solarwinds | serv-u_file_server | 8.0.0.1 | |
| solarwinds | serv-u_file_server | 8.0.0.2 | |
| solarwinds | serv-u_file_server | 8.0.0.4 | |
| solarwinds | serv-u_file_server | 8.0.0.5 | |
| solarwinds | serv-u_file_server | 8.0.0.7 | |
| solarwinds | serv-u_file_server | 8.1.0.1 | |
| solarwinds | serv-u_file_server | 8.1.0.3 | |
| solarwinds | serv-u_file_server | 8.2.0.0 | |
| solarwinds | serv-u_file_server | 8.2.0.1 | |
| solarwinds | serv-u_file_server | 8.2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
},
{
"lang": "es",
"value": "Rhino Software Serv-U v7.0.0.1 a v8.2.0.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (mediante ca\u00edda del servidor) a trav\u00e9s de vectores no especificados relacionados con el comando FTP \"SITE SET TRANSFERPROGRESS ON\"."
}
],
"id": "CVE-2009-3655",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-09T14:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36873"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1031
Vulnerability from fkie_nvd - Published: 2009-03-20 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor FTP en Rhino Software Serv-U File Server v7.4.0.1 permite a atacantes remotos crear directorios de su elecci\u00f3n a trav\u00e9s de \\.. (barra invertida punto punto) en una petici\u00f3n MKD."
}
],
"id": "CVE-2009-1031",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-20T00:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52773"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0967
Vulnerability from fkie_nvd - Published: 2009-03-19 10:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 | |
| solarwinds | serv-u_file_server | 7.4.0.0 | |
| solarwinds | serv-u_file_server | 7.4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
},
{
"lang": "es",
"value": "El servidor FTP en Serv-U versiones 7.0.0.1 hasta 7.4.0.1, permite a los usuarios remotos autenticados causar una denegaci\u00f3n de servicio (bloqueo de servicio) por medio de un gran n\u00famero de comandos SMNT sin un argumento."
}
],
"id": "CVE-2009-0967",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-19T10:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4500
Vulnerability from fkie_nvd - Published: 2008-10-09 00:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
},
{
"lang": "es",
"value": "Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto provocar una denegaci\u00f3n de servicio (consumo de la CPU) a trav\u00e9s de un comando stou manipulado; probablemente est\u00e1 relacionado con los nombres de dispositivo de MS-DOS, como se ha demostrado usando \"con:1\""
}
],
"id": "CVE-2008-4500",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-09T00:00:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4377"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31556"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4501
Vulnerability from fkie_nvd - Published: 2008-10-09 00:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 | |
| solarwinds | serv-u_file_server | 7.2.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.0 | |
| solarwinds | serv-u_file_server | 7.3.0.1 | |
| solarwinds | serv-u_file_server | 7.3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor FTP de Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto sobrescribir o crear ficheros de su elecci\u00f3n mediante un ..\\ (punto punto barra invertida) en el comando RNTO."
}
],
"id": "CVE-2008-4501",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-09T00:00:01.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4378"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3731
Vulnerability from fkie_nvd - Published: 2008-08-20 16:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | serv-u_file_server | 7.0.0.1 | |
| solarwinds | serv-u_file_server | 7.0.0.2 | |
| solarwinds | serv-u_file_server | 7.0.0.3 | |
| solarwinds | serv-u_file_server | 7.0.0.4 | |
| solarwinds | serv-u_file_server | 7.1.0.0 | |
| solarwinds | serv-u_file_server | 7.1.0.1 | |
| solarwinds | serv-u_file_server | 7.1.0.2 | |
| solarwinds | serv-u_file_server | 7.2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Serv-U File Server versiones 7.0.0.0.1, y otras versiones anteriores a 7.2.0.1, permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de una sesi\u00f3n SSH con comandos SFTP para la creaci\u00f3n y registro de directorios."
}
],
"evaluatorSolution": "Upgrade to 7.2.0.1",
"id": "CVE-2008-3731",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-20T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31461"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"source": "cve@mitre.org",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-25179 (GCVE-0-2021-25179)
Vulnerability from cvelistv5 – Published: 2021-05-05 02:40 – Updated: 2024-08-03 19:56
VLAI?
Summary
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T02:40:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.linkedin.com/in/gabrielegristina",
"refsource": "MISC",
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"name": "https://twitter.com/gm4tr1x",
"refsource": "MISC",
"url": "https://twitter.com/gm4tr1x"
},
{
"name": "https://github.com/matrix",
"refsource": "MISC",
"url": "https://github.com/matrix"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25179",
"datePublished": "2021-05-05T02:40:13",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4800 (GCVE-0-2011-4800)
Vulnerability from cvelistv5 – Published: 2011-12-14 00:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-14T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111130 Serv-U Remote",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47021"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4800",
"datePublished": "2011-12-14T00:00:00Z",
"dateReserved": "2011-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:04.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4815 (GCVE-0-2009-4815)
Vulnerability from cvelistv5 – Published: 2010-04-27 15:00 – Updated: 2024-08-07 07:17
VLAI?
Summary
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4815",
"datePublished": "2010-04-27T15:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4006 (GCVE-0-2009-4006)
Vulnerability from cvelistv5 – Published: 2009-11-20 11:00 – Updated: 2024-08-07 06:45
VLAI?
Summary
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-46/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "MISC",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4006",
"datePublished": "2009-11-20T11:00:00",
"dateReserved": "2009-11-19T00:00:00",
"dateUpdated": "2024-08-07T06:45:51.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3655 (GCVE-0-2009-3655)
Vulnerability from cvelistv5 – Published: 2009-10-09 14:18 – Updated: 2024-08-07 06:38
VLAI?
Summary
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36873"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3655",
"datePublished": "2009-10-09T14:18:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1031 (GCVE-0-2009-1031)
Vulnerability from cvelistv5 – Published: 2009-03-20 00:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8211",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"refsource": "OSVDB",
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1031",
"datePublished": "2009-03-20T00:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0967 (GCVE-0-2009-0967)
Vulnerability from cvelistv5 – Published: 2009-03-19 10:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8212",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0967",
"datePublished": "2009-03-19T10:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4500 (GCVE-0-2008-4500)
Vulnerability from cvelistv5 – Published: 2008-10-08 23:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-stoucon1-dos(45652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4500",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4501 (GCVE-0-2008-4501)
Vulnerability from cvelistv5 – Published: 2008-10-08 23:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4501",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3731 (GCVE-0-2008-3731)
Vulnerability from cvelistv5 – Published: 2008-08-20 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3731",
"datePublished": "2008-08-20T16:00:00",
"dateReserved": "2008-08-20T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25179 (GCVE-0-2021-25179)
Vulnerability from nvd – Published: 2021-05-05 02:40 – Updated: 2024-08-03 19:56
VLAI?
Summary
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T02:40:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/gm4tr1x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.linkedin.com/in/gabrielegristina",
"refsource": "MISC",
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"name": "https://twitter.com/gm4tr1x",
"refsource": "MISC",
"url": "https://twitter.com/gm4tr1x"
},
{
"name": "https://github.com/matrix",
"refsource": "MISC",
"url": "https://github.com/matrix"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25179",
"datePublished": "2021-05-05T02:40:13",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4800 (GCVE-0-2011-4800)
Vulnerability from nvd – Published: 2011-12-14 00:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-14T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20111130 Serv-U Remote",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111130 Serv-U Remote",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html"
},
{
"name": "47021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47021"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "18182",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4800",
"datePublished": "2011-12-14T00:00:00Z",
"dateReserved": "2011-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:04.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4815 (GCVE-0-2009-4815)
Vulnerability from nvd – Published: 2010-04-27 15:00 – Updated: 2024-08-07 07:17
VLAI?
Summary
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37414"
},
{
"name": "37847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37847"
},
{
"name": "fileserver-unspecified-info-disclosure(54932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "ADV-2009-3595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4815",
"datePublished": "2010-04-27T15:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4006 (GCVE-0-2009-4006)
Vulnerability from nvd – Published: 2009-11-20 11:00 – Updated: 2024-08-07 06:45
VLAI?
Summary
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "60427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60427"
},
{
"name": "1023199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-46/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name": "oval:org.mitre.oval:def:6142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name": "ADV-2009-3277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "MISC",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "37228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37228"
},
{
"name": "37051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name": "servu-tea-bo(54322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4006",
"datePublished": "2009-11-20T11:00:00",
"dateReserved": "2009-11-19T00:00:00",
"dateUpdated": "2024-08-07T06:45:51.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3655 (GCVE-0-2009-3655)
Vulnerability from nvd – Published: 2009-10-09 14:18 – Updated: 2024-08-07 06:38
VLAI?
Summary
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36873"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "oval:org.mitre.oval:def:5798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3655",
"datePublished": "2009-10-09T14:18:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1031 (GCVE-0-2009-1031)
Vulnerability from nvd – Published: 2009-03-20 00:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8211",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8211",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8211"
},
{
"name": "34329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34329"
},
{
"name": "52773",
"refsource": "OSVDB",
"url": "http://osvdb.org/52773"
},
{
"name": "ADV-2009-0738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0738"
},
{
"name": "34125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34125"
},
{
"name": "servuftp-mkd-dir-traversal(49258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1031",
"datePublished": "2009-03-20T00:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0967 (GCVE-0-2009-0967)
Vulnerability from nvd – Published: 2009-03-19 10:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8212",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8212",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8212"
},
{
"name": "34127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34127"
},
{
"name": "servuftp-smnt-dos(49260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0967",
"datePublished": "2009-03-19T10:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4500 (GCVE-0-2008-4500)
Vulnerability from nvd – Published: 2008-10-08 23:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "servu-stoucon1-dos(45652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-stoucon1-dos(45652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"
},
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "6660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6660"
},
{
"name": "4377",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4377"
},
{
"name": "31556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4500",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4501 (GCVE-0-2008-4501)
Vulnerability from nvd – Published: 2008-10-08 23:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2746",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4501",
"datePublished": "2008-10-08T23:00:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3731 (GCVE-0-2008-3731)
Vulnerability from nvd – Published: 2008-08-20 16:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30739"
},
{
"name": "servu-fileserver-sftp-dos(44537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537"
},
{
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name": "31461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3731",
"datePublished": "2008-08-20T16:00:00",
"dateReserved": "2008-08-20T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}