Serv-u CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (67 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-19999	1 Solarwinds	1 Serv-u Ftp Server	2024-11-21	N/A
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.
CVE-2018-19934	1 Solarwinds	1 Serv-u Ftp Server	2024-11-21	N/A
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
CVE-2018-15906	1 Solarwinds	1 Serv-u Ftp Server	2024-11-21	N/A
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
CVE-2018-10241	1 Solarwinds	1 Serv-u	2024-11-21	N/A
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
CVE-2018-10240	1 Solarwinds	1 Serv-u	2024-11-21	N/A
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.
CVE-2024-45714	1 Solarwinds	1 Serv-u	2024-10-30	4.8 Medium
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
CVE-2024-45711	1 Solarwinds	1 Serv-u	2024-10-17	7.5 High
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability

« first previous Page 4 of 4.