cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-35252,https://securityvulnerability.io/vulnerability/CVE-2021-35252,Common Key Vulnerability in Serv-U FTP Server,Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.,Solarwinds,Serv-u Ftp Server,7.5,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2022-38106,https://securityvulnerability.io/vulnerability/CVE-2022-38106,"Cross-Site Scripting Vulnerability in Serv-U Web Client","This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.",Solarwinds,Serv-u File Server,5.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2021-35242,https://securityvulnerability.io/vulnerability/CVE-2021-35242,A valid CSRF token is present in response to an invalid request,Serv-U server responds with valid CSRFToken when the request contains only Session.,Solarwinds,Serv-u Server,8.3,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-12-06T16:53:22.000Z,0
CVE-2021-35211,https://securityvulnerability.io/vulnerability/CVE-2021-35211,Serv-U Remote Memory Escape Vulnerability,"Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.",Solarwinds,Serv-u Managed File Transfer Server And Serv-u Secured Ftp,10,CRITICAL,0.9345800280570984,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2021-07-14T21:15:00.000Z,0
CVE-2020-22428,https://securityvulnerability.io/vulnerability/CVE-2020-22428,Cross Site Scripting in SolarWinds Serv-U Product,"The vulnerability in SolarWinds Serv-U allows malicious actors to inject JavaScript payloads through directory names specified by an admin. This Cross Site Scripting (XSS) issue could enable attackers to execute unauthorized scripts in the context of a user's session, potentially leading to data theft or session hijacking. Users of Serv-U versions prior to 15.1.6 Hotfix 3 should take immediate action to mitigate this risk.",Solarwinds,"Serv-u Ftp Server,Serv-u Mft Server",4.8,MEDIUM,0.0014600000577047467,false,,false,false,false,,,false,false,,2021-05-05T02:42:51.000Z,0
CVE-2021-25179,https://securityvulnerability.io/vulnerability/CVE-2021-25179,Cross Site Scripting in SolarWinds Serv-U Software,"SolarWinds Serv-U prior to version 15.2 is susceptible to an XSS vulnerability that occurs via the manipulation of the HTTP Host header. This security risk can potentially allow an attacker to execute malicious scripts in the context of an affected user's session, leading to unauthorized actions or data exposure. Users are advised to upgrade to a patched version to mitigate these security threats.",Solarwinds,Serv-u File Server,6.1,MEDIUM,0.0016400000313296914,false,,false,false,false,,,false,false,,2021-05-05T02:40:13.000Z,0
CVE-2020-15541,https://securityvulnerability.io/vulnerability/CVE-2020-15541,,SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.01221999991685152,false,,false,false,false,,,false,false,,2020-07-05T21:04:29.000Z,0
CVE-2020-15543,https://securityvulnerability.io/vulnerability/CVE-2020-15543,,SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-07-05T21:04:16.000Z,0
CVE-2020-15542,https://securityvulnerability.io/vulnerability/CVE-2020-15542,,SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.,Solarwinds,Serv-u Ftp Server,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-07-05T21:04:05.000Z,0
CVE-2019-19829,https://securityvulnerability.io/vulnerability/CVE-2019-19829,,"A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.",Solarwinds,Serv-u Ftp Server,5.4,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2019-12-18T17:15:19.000Z,0
CVE-2019-13182,https://securityvulnerability.io/vulnerability/CVE-2019-13182,,A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.,Solarwinds,Serv-u Ftp Server,5.4,MEDIUM,0.012849999591708183,false,,false,false,false,,,false,false,,2019-12-16T20:27:41.000Z,0
CVE-2019-13181,https://securityvulnerability.io/vulnerability/CVE-2019-13181,,A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.,Solarwinds,Serv-u Ftp Server,6.5,MEDIUM,0.0024500000290572643,false,,false,false,false,,,false,false,,2019-12-16T20:26:41.000Z,0
CVE-2019-12181,https://securityvulnerability.io/vulnerability/CVE-2019-12181,,A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.,Solarwinds,"Serv-u Mft Server,Serv-u Ftp Server",8.8,HIGH,0.882889986038208,false,,false,false,true,2019-06-12T22:18:45.000Z,true,false,false,,2019-06-17T15:16:26.000Z,0
CVE-2018-19999,https://securityvulnerability.io/vulnerability/CVE-2018-19999,,"The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access to the host running Serv-U, and a Serv-U administrator have an active management console session.",Solarwinds,Serv-u Ftp Server,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2019-06-07T16:13:37.000Z,0
CVE-2018-19934,https://securityvulnerability.io/vulnerability/CVE-2018-19934,,SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.,Solarwinds,Serv-u Ftp Server,4.8,MEDIUM,0.006310000084340572,false,,false,false,false,,,false,false,,2019-03-21T16:00:00.000Z,0
CVE-2018-15906,https://securityvulnerability.io/vulnerability/CVE-2018-15906,,SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.,Solarwinds,Serv-u Ftp Server,7.2,HIGH,0.024809999391436577,false,,false,false,false,,,false,false,,2019-03-21T16:00:00.000Z,0
CVE-2011-4800,https://securityvulnerability.io/vulnerability/CVE-2011-4800,,"Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a ""..:/"" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.",Solarwinds,Serv-u File Server,,,0.01623000018298626,false,,false,false,false,,,false,false,,2011-12-14T00:55:00.000Z,0
CVE-2009-4815,https://securityvulnerability.io/vulnerability/CVE-2009-4815,,Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.,Solarwinds,Serv-u File Server,,,0.0017800000496208668,false,,false,false,false,,,false,false,,2010-04-27T15:00:00.000Z,0
CVE-2009-4006,https://securityvulnerability.io/vulnerability/CVE-2009-4006,,"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",Solarwinds,Serv-u File Server,,,0.9392399787902832,false,,false,false,false,,,false,false,,2009-11-20T11:00:00.000Z,0
CVE-2009-3655,https://securityvulnerability.io/vulnerability/CVE-2009-3655,,"Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the ""SITE SET TRANSFERPROGRESS ON"" FTP command.",Solarwinds,Serv-u File Server,,,0.0063299997709691525,false,,false,false,false,,,false,false,,2009-10-09T14:18:00.000Z,0
CVE-2009-1031,https://securityvulnerability.io/vulnerability/CVE-2009-1031,,Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.,Solarwinds,Serv-u File Server,,,0.6480699777603149,false,,false,false,false,,,false,false,,2009-03-20T00:00:00.000Z,0
CVE-2009-0967,https://securityvulnerability.io/vulnerability/CVE-2009-0967,,The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.,Solarwinds,Serv-u File Server,,,0.02384999953210354,false,,false,false,false,,,false,false,,2009-03-19T10:00:00.000Z,0
CVE-2008-4500,https://securityvulnerability.io/vulnerability/CVE-2008-4500,,"Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using ""con:1"".",Solarwinds,Serv-u File Server,,,0.03061000071465969,false,,false,false,false,,,false,false,,2008-10-09T00:00:00.000Z,0
CVE-2008-4501,https://securityvulnerability.io/vulnerability/CVE-2008-4501,,"Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.",Solarwinds,Serv-u File Server,,,0.02379000000655651,false,,false,false,false,,,false,false,,2008-10-09T00:00:00.000Z,0
CVE-2008-3731,https://securityvulnerability.io/vulnerability/CVE-2008-3731,,"Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.",Solarwinds,Serv-u File Server,,,0.0032500000670552254,false,,false,false,false,,,false,false,,2008-08-20T16:00:00.000Z,0