CVE-2004-2532

Serv-U FTP <5.1.0.0 - Command Injection

Title source: llm

Description

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by AndrÃ©s Acunha · clocalwindows

https://www.exploit-db.com/exploits/381

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/10886

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16925

[Third Party Advisory, VDB Entry] http://www.osvdb.org/8877

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html

Scores

EPSS 0.0202

EPSS Percentile 83.8%

Details

CWE

CWE-255

Status published

Products (12)

solarwinds/serv-u_file_server 3.0.0.16

solarwinds/serv-u_file_server 3.0.0.17

solarwinds/serv-u_file_server 3.1.0.0

solarwinds/serv-u_file_server 3.1.0.1

solarwinds/serv-u_file_server 3.1.0.3

solarwinds/serv-u_file_server 4.0.0.4

solarwinds/serv-u_file_server 4.1.0.0

solarwinds/serv-u_file_server 4.1.0.3

solarwinds/serv-u_file_server 5.0.0.0

solarwinds/serv-u_file_server 5.0.0.4

... and 2 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026