Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds serv-u vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-27994
SolarWinds Serv-U prior to 15.2.2 allows Authenticated Directory Traversal.
Solarwinds Serv-u
1 Github repository
4
CVSSv2
CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U prior to 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
Solarwinds Serv-u
NA
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
Solarwinds Serv-u
3.5
CVSSv2
CVE-2020-35482
SolarWinds Serv-U prior to 15.2.2 allows authenticated reflected XSS.
Solarwinds Serv-u
7.5
CVSSv2
CVE-2020-35481
SolarWinds Serv-U prior to 15.2.2 allows Unauthenticated Macro Injection.
Solarwinds Serv-u
4.3
CVSSv2
CVE-2020-15573
SolarWinds Serv-U File Server prior to 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
Solarwinds Serv-u
5
CVSSv2
CVE-2020-15574
SolarWinds Serv-U File Server prior to 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
Solarwinds Serv-u
5
CVSSv2
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
6.5
CVSSv2
CVE-2021-35223
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
Solarwinds Serv-u
5
CVSSv2
CVE-2018-10240
SolarWinds Serv-U MFT prior to 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an malicious user to obtai...
Solarwinds Serv-u
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »