Solarwinds Serv-u File Server — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Serv-u File Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2004-0330 — CVSS 10.0 (critical): Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to…
CVE-2009-4006 — CVSS 10.0 (critical): Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before…
CVE-2004-2532 — CVSS 10.0 (critical): Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary…
CVE-2008-4501 — CVSS 9.0 (critical): Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to…
CVE-2011-4800 — CVSS 9.0 (critical): Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files…
CVE-2004-2111 — CVSS 8.5 (high): Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via…
CVE-2009-1031 — CVSS 7.8 (high): Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to…
CVE-2001-1463 — CVSS 7.5 (high): The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP)…
CVE-2001-0054 — CVSS 5.0 (medium): Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by…
CVE-2002-2393 — CVSS 5.0 (medium): Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote…
CVE-2004-1675 — CVSS 5.0 (medium): Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command…
CVE-2004-1992 — CVSS 5.0 (medium): Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter…
CVE-2004-2533 — CVSS 5.0 (medium): Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with…
CVE-2005-3467 — CVSS 5.0 (medium): Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other…
CVE-2009-3655 — CVSS 5.0 (medium): Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors…
CVE-2009-0967 — CVSS 4.0 (medium): The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large…
CVE-2009-4815 — CVSS 4.0 (medium): Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified…
CVE-2008-4500 — CVSS 4.0 (medium): Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a…
CVE-2008-3731 — CVSS 4.0 (medium): Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a…