SolarWinds IT Management Software and Remote Monitoring Tools

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1

CVE-2021-27240 7.8 - High - March 29, 2021

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009.

Marshaling, Unmarshaling

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5

CVE-2021-3109 4.8 - Medium - March 26, 2021

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.

SolarWinds Orion Platform before 2020.2.5

CVE-2020-35856 4.8 - Medium - March 26, 2021

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.

XSS

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1

CVE-2020-27869 8.8 - High - February 12, 2021

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.

SQL Injection

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1

CVE-2020-27870 6.5 - Medium - February 10, 2021

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.

Directory traversal

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1

CVE-2020-27871 7.2 - High - February 10, 2021

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.

Directory traversal

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues

CVE-2021-25274 9.8 - Critical - February 03, 2021

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.

Marshaling, Unmarshaling

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (

CVE-2021-25276 7.1 - High - February 03, 2021

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.

Insecure Storage of Sensitive Information

SolarWinds Orion Platform before 2020.2.4

CVE-2021-25275 7.8 - High - February 03, 2021

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.

Use of Hard-coded Credentials

SolarWinds Serv-U before 15.2.2

CVE-2020-35481 9.8 - Critical - February 03, 2021

SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.

SolarWinds Serv-U before 15.2.2

CVE-2020-28001 5.4 - Medium - February 03, 2021

SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.

XSS

SolarWinds Serv-U before 15.2.2

CVE-2020-27994 6.5 - Medium - February 03, 2021

SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.

Directory traversal

SolarWinds Serv-U before 15.2.2

CVE-2020-35482 5.4 - Medium - February 03, 2021

SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.

XSS

SolarWinds Web Help Desk 12.7.0

CVE-2019-16959 6.5 - Medium - December 21, 2020

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

Injection

SolarWinds Web Help Desk 12.7.0

CVE-2019-16955 5.4 - Medium - December 18, 2020

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

XSS

SolarWinds Web Help Desk 12.7.0

CVE-2019-16957 5.4 - Medium - December 18, 2020

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

XSS

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25622 8.8 - High - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.

Session Riding

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25621 8.4 - High - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.

authentification

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25620 7.8 - High - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.

Use of Hard-coded Credentials

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25618 8.8 - High - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).

Shell injection

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25617 8.8 - High - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.

Directory traversal

An issue was discovered in SolarWinds N-Central 12.3.0.670

CVE-2020-25619 4.4 - Medium - December 16, 2020

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities

CVE-2018-16243 5.4 - Medium - December 15, 2020

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

XSS

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access

CVE-2020-15909 8.8 - High - October 19, 2020

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers workstation by browsing to the victims NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.

Session Fixation

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly

CVE-2020-15910 4.7 - Medium - October 19, 2020

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.

Incorrect Permission Assignment for Critical Resource

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages

CVE-2020-13169 9.6 - Critical - September 17, 2020

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

XSS

SolarWinds Serv-U File Server before 15.2.1

CVE-2020-15576 7.5 - High - July 07, 2020

SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.

Information Disclosure

SolarWinds Serv-U File Server before 15.2.1

CVE-2020-15575 6.1 - Medium - July 07, 2020

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.

XSS

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute

CVE-2020-15574 7.5 - High - July 07, 2020

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.

Missing Encryption of Sensitive Data

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability

CVE-2020-15573 6.1 - Medium - July 07, 2020

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.

XSS

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent

CVE-2020-12608 7.8 - High - May 07, 2020

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

Incorrect Default Permissions

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage

CVE-2019-12864 5.5 - Medium - May 04, 2020

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

Information Disclosure

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form)

CVE-2019-20002 7.8 - High - April 27, 2020

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.

Code Injection

Classic buffer overflow in SolarWinds Dameware

CVE-2020-5734 7.5 - High - April 07, 2020

Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.

Classic Buffer Overflow

SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality

CVE-2019-12769 8.8 - High - March 18, 2020

SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.

Session Riding

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)

CVE-2019-12863 4.8 - Medium - February 25, 2020

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.

XSS

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3)

CVE-2019-12954 5.4 - Medium - February 17, 2020

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

XSS

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2

CVE-2020-7984 7.5 - High - January 26, 2020

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.

Cleartext Transmission of Sensitive Information

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms

CVE-2019-17125 6.1 - Medium - January 17, 2020

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.

XSS

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms

CVE-2019-17127 6.1 - Medium - January 17, 2020

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.

XSS

A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter

CVE-2019-19829 5.4 - Medium - December 18, 2019

A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.

XSS

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CVE-2019-13181 6.5 - Medium - December 16, 2019

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CSV Injection

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

CVE-2019-13182 5.4 - Medium - December 16, 2019

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

XSS

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can

CVE-2019-3980 9.8 - Critical - October 08, 2019

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

Improper Input Validation

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component

CVE-2018-19386 6.1 - Medium - August 14, 2019

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

XSS

SolarWinds Network Performance Monitor 12.3

CVE-2018-13442 8.8 - High - July 16, 2019

SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.

SQL Injection

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

CVE-2019-12181 8.8 - High - June 17, 2019

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

Shell injection

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation

CVE-2019-3957 7.4 - High - June 07, 2019

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.

Out-of-bounds Read

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls

CVE-2018-19999 7.8 - High - June 07, 2019

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.

authentification

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.

CVE-2019-9017 7.5 - High - May 02, 2019

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.

Buffer Overflow

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface

CVE-2018-19934 4.8 - Medium - March 21, 2019

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

XSS

SolarWinds Serv-U FTP Server 15.1.6

CVE-2018-15906 7.2 - High - March 21, 2019

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

SolarWinds Orion Platform before 2018.4 Hotfix 2

CVE-2019-9546 9.8 - Critical - March 01, 2019

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

DLL preloading

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service

CVE-2019-8917 9.8 - Critical - February 18, 2019

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner

CVE-2018-16791 9.8 - Critical - December 05, 2018

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.

Insufficiently Protected Credentials

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file

CVE-2018-16792 9.1 - Critical - December 05, 2018

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

XXE

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.

CVE-2018-12897 7.8 - High - September 07, 2018

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.

Buffer Overflow

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1

CVE-2018-10241 6.5 - Medium - May 16, 2018

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.

NULL Pointer Dereference

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token

CVE-2018-10240 7.3 - High - May 16, 2018

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.

Insufficient Entropy

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5

CVE-2011-4800 - December 14, 2011

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Directory traversal

Directory traversal vulnerability in Serv-U before 9.2.0.1

CVE-2009-4815 - April 27, 2010

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.

Directory traversal

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0

CVE-2009-4006 - November 20, 2009

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

Buffer Overflow

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3

CVE-2009-3655 - October 09, 2009

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1

CVE-2009-1031 - March 20, 2009

Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.

Directory traversal

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1

CVE-2009-0967 - March 19, 2009

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

Resource Management Errors

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1

CVE-2008-4501 - October 09, 2008

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

Directory traversal

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1

CVE-2008-4500 - October 09, 2008

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

Improper Input Validation

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1

CVE-2008-3731 - August 20, 2008

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.Upgrade to 7.2.0.1

Serv-U FTP Server before 6.1.0.4

CVE-2005-3467 - November 02, 2005

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.

Improper Input Validation

Serv-U FTP Server 4.1 (possibly 4.0)

CVE-2004-2533 - December 31, 2004

Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

Improper Input Validation

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as

CVE-2004-2532 - December 31, 2004

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Credentials Management Errors

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2

CVE-2004-2111 - December 31, 2004

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

Buffer Overflow

Buffer overflow in Serv-U ftp before 5.0.0.4

CVE-2004-0330 - November 23, 2004

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

Buffer Overflow

Serv-U FTP server 4.x and 5.x

CVE-2004-1675 - September 11, 2004

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

Improper Input Validation

Buffer overflow in Serv-U FTP server before 5.0.0.6

CVE-2004-1992 - April 20, 2004

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

Buffer Overflow

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which

CVE-2002-2393 - December 31, 2002

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.

Improper Input Validation

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which

CVE-2001-1463 - November 19, 2001

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Cryptographic Issues

Directory traversal vulnerability in FTP Serv-U before 2.5i

CVE-2001-0054 - February 16, 2001

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

Directory traversal