First published: Fri Dec 31 2004(Updated: )
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Solarwinds Serv-u File Server | =3.0.0.16 | |
Solarwinds Serv-u File Server | =3.0.0.17 | |
Solarwinds Serv-u File Server | =3.1.0.0 | |
Solarwinds Serv-u File Server | =3.1.0.1 | |
Solarwinds Serv-u File Server | =3.1.0.3 | |
Solarwinds Serv-u File Server | =4.0.0.4 | |
Solarwinds Serv-u File Server | =4.1.0.0 | |
Solarwinds Serv-u File Server | =4.1.0.3 | |
Solarwinds Serv-u File Server | =5.0.0.0 | |
Solarwinds Serv-u File Server | =5.0.0.4 | |
Solarwinds Serv-u File Server | =5.0.0.9 | |
Solarwinds Serv-u File Server | <=5.0.0.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.