CVE-2004-2532

Published: 31/12/2004 Updated: 28/07/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Serv-U FTP server prior to 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Vulnerable Product

solarwinds serv-u file server 4.0.0.4

solarwinds serv-u file server 3.1.0.0

solarwinds serv-u file server 3.1.0.1

solarwinds serv-u file server 5.0.0.0

solarwinds serv-u file server

solarwinds serv-u file server 3.1.0.3

solarwinds serv-u file server 3.0.0.16

solarwinds serv-u file server 4.1.0.0

solarwinds serv-u file server 4.1.0.3

solarwinds serv-u file server 5.0.0.4

solarwinds serv-u file server 5.0.0.9

solarwinds serv-u file server 3.0.0.17

Exploits

/* * Hax0rcitos proudly presents * Serv-u Local Exploit >v3x (tested also against last version 5100) * * All Serv-u Versions have default Login/password for local Administration * This account is only available to connect in the loopback interface, so a * local user will be able to connect to Serv-u with this account and create * an ...