RSS   Vulnerabilities for 'Serv-u ftp server'   RSS

2019-06-07
 
CVE-2018-19999

CWE-287
 

 
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.

 
2019-03-21
 
CVE-2018-19934

CWE-79
 

 
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

 
 
CVE-2018-15906

CWE-noinfo
 

 
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

 

 >>> Vendor: Solarwinds 28 Products
Tftp server
Orion network performance monitor
Ip address manager web interface
Network configuration manager
Log and event manager
Server and application monitor
Orion ip address manager
Orion netflow traffic analyzer
Orion network configuration manager
Orion server and application manager
Orion user device tracker
Orion voip & network quality manager
Orion web performance monitor
Firewall security manager
Storage manager
N-able n-central
Storage resource monitor
Virtualization manager
Ftp voyager
Log & event manager
Network performance monitor
Serv-u
Sftp/scp server
Orion platform
Serv-u ftp server
Damewire mini remote control
Database performance analyzer
Dameware mini remote control firmware


Copyright 2019, cxsecurity.com

 

Back to Top