Filtered by vendor Solarwinds
Subscribe
Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2111 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. | |||||
| CVE-2004-0330 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. | |||||
| CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2026-04-16 | 5.0 MEDIUM | N/A |
| DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. | |||||
| CVE-2004-1675 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. | |||||
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. | |||||
| CVE-2001-1463 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 7.5 HIGH | N/A |
| The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. | |||||
| CVE-2004-1992 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. | |||||
| CVE-2004-2533 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. | |||||
| CVE-2002-2393 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. | |||||
| CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | |||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. | |||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | |||||
| CVE-2026-28298 | 1 Solarwinds | 1 Observability Self-hosted | 2026-03-31 | N/A | 5.9 MEDIUM |
| SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | |||||
| CVE-2026-28297 | 1 Solarwinds | 1 Observability Self-hosted | 2026-03-31 | N/A | 6.1 MEDIUM |
| SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | |||||
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2026-03-10 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | |||||
| CVE-2025-40553 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | |||||
| CVE-2025-40552 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | |||||
| CVE-2024-28995 | 1 Solarwinds | 1 Serv-u | 2026-02-26 | N/A | 8.6 HIGH |
| SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | |||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | N/A | 7.5 HIGH |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | |||||
| CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | N/A | 5.4 MEDIUM |
| This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||