cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-35252,https://securityvulnerability.io/vulnerability/CVE-2021-35252,Common Key Vulnerability in Serv-U FTP Server,Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.,Solarwinds,Serv-u Ftp Server,7.5,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2021-35211,https://securityvulnerability.io/vulnerability/CVE-2021-35211,Serv-U Remote Memory Escape Vulnerability,"Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.",Solarwinds,Serv-u Managed File Transfer Server And Serv-u Secured Ftp,10,CRITICAL,0.9345800280570984,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2021-07-14T21:15:00.000Z,0
CVE-2020-22428,https://securityvulnerability.io/vulnerability/CVE-2020-22428,Cross Site Scripting in SolarWinds Serv-U Product,"The vulnerability in SolarWinds Serv-U allows malicious actors to inject JavaScript payloads through directory names specified by an admin. This Cross Site Scripting (XSS) issue could enable attackers to execute unauthorized scripts in the context of a user's session, potentially leading to data theft or session hijacking. Users of Serv-U versions prior to 15.1.6 Hotfix 3 should take immediate action to mitigate this risk.",Solarwinds,"Serv-u Ftp Server,Serv-u Mft Server",4.8,MEDIUM,0.0014600000577047467,false,,false,false,false,,,false,false,,2021-05-05T02:42:51.000Z,0
CVE-2020-15541,https://securityvulnerability.io/vulnerability/CVE-2020-15541,,SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.01221999991685152,false,,false,false,false,,,false,false,,2020-07-05T21:04:29.000Z,0
CVE-2020-15543,https://securityvulnerability.io/vulnerability/CVE-2020-15543,,SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-07-05T21:04:16.000Z,0
CVE-2020-15542,https://securityvulnerability.io/vulnerability/CVE-2020-15542,,SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-07-05T21:04:05.000Z,0
CVE-2019-19829,https://securityvulnerability.io/vulnerability/CVE-2019-19829,,"A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.",Solarwinds,Serv-u Ftp Server,5.4,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2019-12-18T17:15:19.000Z,0
CVE-2019-13182,https://securityvulnerability.io/vulnerability/CVE-2019-13182,,A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.,Solarwinds,Serv-u Ftp Server,5.4,MEDIUM,0.012849999591708183,false,,false,false,false,,,false,false,,2019-12-16T20:27:41.000Z,0
CVE-2019-13181,https://securityvulnerability.io/vulnerability/CVE-2019-13181,,A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.,Solarwinds,Serv-u Ftp Server,6.5,MEDIUM,0.0024500000290572643,false,,false,false,false,,,false,false,,2019-12-16T20:26:41.000Z,0
CVE-2019-12181,https://securityvulnerability.io/vulnerability/CVE-2019-12181,,A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.,Solarwinds,"Serv-u Mft Server,Serv-u Ftp Server",8.8,HIGH,0.882889986038208,false,,false,false,true,2019-06-12T22:18:45.000Z,true,false,false,,2019-06-17T15:16:26.000Z,0
CVE-2018-19999,https://securityvulnerability.io/vulnerability/CVE-2018-19999,,"The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.",Solarwinds,Serv-u Ftp Server,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2019-06-07T16:13:37.000Z,0
CVE-2018-19934,https://securityvulnerability.io/vulnerability/CVE-2018-19934,,SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.,Solarwinds,Serv-u Ftp Server,4.8,MEDIUM,0.006310000084340572,false,,false,false,false,,,false,false,,2019-03-21T16:00:00.000Z,0
CVE-2018-15906,https://securityvulnerability.io/vulnerability/CVE-2018-15906,,SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.,Solarwinds,Serv-u Ftp Server,7.2,HIGH,0.024809999391436577,false,,false,false,false,,,false,false,,2019-03-21T16:00:00.000Z,0