serv u software vulnerabilities
vulnerabilities.aspcode.net
Searching serv u software vulnerabilities
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allow local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense, which leaks the information in error messages.
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.
Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection.
Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.
Software vulnerabilities results 1 to 20 of 57