Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds serv-u vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-22428
SolarWinds Serv-U prior to 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
Solarwinds Serv-u Ftp Server 15.1
Solarwinds Serv-u Mft Server 15.1
NA
CVE-2002-2393
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote malicious users to cause a denial of service (no new connections) via a series of MKD commands.
Solarwinds Serv-u File Server 3.1.0.0
Solarwinds Serv-u File Server 4.0.0.4
NA
CVE-2001-1463
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote malicious users to sniff passwords.
Solarwinds Serv-u File Server 3.0.0.16
Solarwinds Serv-u File Server 3.0.0.17
8.8
CVSSv3
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client prior to 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Solarwinds Serv-u Managed File Transfer
Solarwinds Serv-u Managed File Transfer 15.1.6
7.5
CVSSv3
CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data.
Solarwinds Serv-u
4.3
CVSSv3
CVE-2021-35249
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a...
Solarwinds Serv-u
5.4
CVSSv3
CVE-2020-28001
SolarWinds Serv-U prior to 15.2.2 allows Authenticated Stored XSS.
Solarwinds Serv-u
5.4
CVSSv3
CVE-2021-32604
Share/IncomingWizard.htm in SolarWinds Serv-U prior to 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Solarwinds Serv-u
7.5
CVSSv3
CVE-2021-3154
An issue exists in SolarWinds Serv-U prior to 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Solarwinds Serv-u
6.1
CVSSv3
CVE-2020-15575
SolarWinds Serv-U File Server prior to 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
Solarwinds Serv-u
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »