
CVE-2024-28995

Published: 06/06/2024 Updated: 11/06/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.


Vulnerable Products

solarwinds serv-u 15.4.2

solarwinds serv-u

Vendor Advisories

Check Point Reference: CPAI-2024-0408 Date Published: 23 Jun 2024 Severity: High ...

Github Repositories

CVE-2024-28995 POC Vulnerability Scanner

CVE-2024-28995 PoC and Bulk Scanner. Overview: This repository contains a proof-of-concept (PoC) and a bulk scanner for the SolarWinds Serv-U CVE-2024-28995 directory traversal vulnerability. This vulnerability allows unauthorized access to read sensitive files on the host machine. The vulnerability was discovered and reported by Hussein Daher. Features: Single Target Scan: Scan

Exploit for CVE-2024-28995

Exploit For CVE-2024-28995. On June 5, 2024, SolarWinds published an advisory for CVE-2024-28995, a high-severity directory traversal vulnerability affecting their file transfer solution Serv-U. The vulnerability was discovered by researcher Hussein Daher of Web Immunify. Usage: python3 CVE-2024-28995.py -t example.com/ -f somefile

CVE-2024-28995 PoC

CVE-2024-28995 (PoC). SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. Queries: Shodan: product:"Rhinosoft Serv-U httpd" "Serv-U FTP Server"; Fofa: app="SolarWinds-Serv-U-FTP". References: nvd.nist.gov/vuln/detail/CVE-2024-28995 www.so

CVE-2024-28995. Disclaimer: This tool is intended only for personal security research and learning. Any direct or indirect consequences or losses caused by distributing or using this tool are the sole responsibility of the user; the tool's author accepts no liability. version = 154 NAME: Serv-U - arbitrary file read USAGE: [global options] command [command options] [arguments] COMMANDS: help, h Shows a list of co

CVE-2024-28995 Nuclei Template. Checks for the directory traversal vulnerability in Serv-U versions 15.4.2 and below, which allows reading sensitive files like /etc/passwd. Template details: id: CVE-2024-28995; info: name: Serv-U Directory Traversal Vulnerability; author: Hüseyin TINTAŞ; severity: high; description: Checks for directory traversal vulnerability in Serv-U ve

SolarWinds Serv-U Directory Traversal Vulnerability POC

SolarWinds Serv-U Directory Traversal Vulnerability POC. Usage: cat targets.txt | nuclei -duc -t CVE-2024-28995.yaml. Analysis: t.co/JPCd6Y4v1g
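The scanners and the Nuclei template listed above all reduce to two decisions: does a request try to climb out of its directory, and does the response actually contain the file that was asked for (a 200 status alone proves nothing). The block below is an added example written for this page, not the code of any repository listed here; it shows both decisions from the defender's side, triaging constructed Common Log Format lines and matching constructed response bodies. The InternalDir/InternalFile parameter names in the sample lines follow the public write-ups of this bug, which this page does not quote; the detector does not depend on them and inspects every query value plus the request path, decoding repeatedly so double-encoded and backslash variants are seen.

```python
"""Directory-traversal triage for Serv-U (CVE-2024-28995), from two angles:
1. access-log triage: flag requests whose path or query values escape their
   starting directory;
2. the response matcher a scanner needs to decide a file was really read.

Added example, not the code of any repository listed on this page.
All log lines and response bodies below are constructed for the demonstration.
"""
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format, with just the fields triage needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic. The InternalDir/InternalFile names follow public
# write-ups of this bug (assumption, not from this page); the detector does not
# rely on them and checks every query value plus the path.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jun/2024:11:45:01 +0000] "GET /?InternalDir=/../../../../etc&InternalFile=passwd HTTP/1.1" 200 1893
203.0.113.5 - - [20/Jun/2024:11:45:02 +0000] "GET /?InternalDir=%5c..%5c..%5c..%5cwindows&InternalFile=win.ini HTTP/1.1" 200 403
198.51.100.7 - - [20/Jun/2024:11:46:10 +0000] "GET /?InternalDir=%252e%252e%252f%252e%252e%252fetc&InternalFile=shadow HTTP/1.1" 200 120
192.0.2.44 - - [20/Jun/2024:11:47:00 +0000] "GET /?InternalDir=Web%20Client&InternalFile=Login.htm HTTP/1.1" 200 5120
192.0.2.44 - - [20/Jun/2024:11:47:05 +0000] "GET /Web%20Client/images/a/../logo.png HTTP/1.1" 200 9012
"""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e -> %2e -> .) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escape_depth(path_value: str) -> int:
    """Deepest level above its starting directory that a path reaches.
    '/' and '\\' both count as separators because Serv-U ships for Windows
    and Linux. 'a/../b' escapes 0 levels; '/../../etc' escapes 2."""
    depth, worst = 0, 0
    for seg in re.split(r'[\\/]+', path_value):
        if seg == '..':
            depth -= 1
            worst = max(worst, -depth)
        elif seg not in ('', '.'):
            depth += 1
    return worst


def analyze_target(target: str) -> dict:
    """Inspect one request-target: the decoded path and every query value."""
    parts = urlsplit(target)
    values = [fully_decode(parts.path)]
    values += [fully_decode(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    worst = max(escape_depth(v) for v in values)
    return {'target': target, 'escape': worst, 'traversal': worst > 0}


def scan_log(text: str) -> list:
    """One finding per log line that attempts to escape its directory."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = analyze_target(m.group('target'))
        if verdict['traversal']:
            findings.append({'ip': m.group('ip'), 'status': int(m.group('status')), **verdict})
    return findings


# Scanner side: confirm by content, not by status code.
PASSWD_RE = re.compile(r'^[A-Za-z_][\w-]*:[^:\n]*:\d+:\d+:', re.M)      # /etc/passwd rows
WIN_INI_RE = re.compile(r'^\[(?:fonts|extensions|mci extensions)\]', re.M | re.I)  # win.ini sections


def looks_like_leaked_file(body: str) -> Optional[str]:
    """Name the sensitive file a response body looks like, or None."""
    if PASSWD_RE.search(body):
        return 'passwd'
    if WIN_INI_RE.search(body):
        return 'win.ini'
    return None


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} escape={f['escape']} status={f['status']} {f['target']}")
    # Constructed response bodies, not captured from any server.
    print(looks_like_leaked_file('root:x:0:0:root:/root:/bin/bash\n'))
    print(looks_like_leaked_file('<html><title>Serv-U</title></html>'))
```

The benign lines are deliberately not flagged: "a/../logo.png" stays inside its directory, so counting the deepest escape rather than the mere presence of ".." keeps ordinary relative links out of the alert stream. On the scanning side, matching passwd rows or win.ini section headers is what separates a real read from an error page that happens to return 200.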

Preface: This project stores daily vulnerability-reproduction PoCs in yaml format. Every PoC has been tested and verified by me. Tested Nuclei version: 3.2.8. PoC list: SPON IP network intercom broadcast system addscenedata.php arbitrary file upload vulnerability (SPON_Intercom_addscenedata_Fileupload.yaml); Weaver e-office mobile_upload_save arbitrary file upload vulnerability (Weaver_e-office_mobile_upload_save_fileuploady

Recent Articles

SolarWinds Serv-U path-traversal flaw actively exploited in attacks
BleepingComputer • Bill Toulas • 20 Jun 2024

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. Although the attacks do not appear particularly sophisticated, the observed activity underscores the risk posed by unpatched endpoints, emphasizing the urgent need for administrators to apply the security updates. The CVE-2024-28995 flaw The...

Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows
The Register

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack

Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed. The one that's listed as publicly known, and not yet publicly exploited, is CVE-2023-50868 in Windows Server as well as non-Microsoft software. It's a vulnerability in DNSSEC implementations that we've known abo...