Description
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by kingcope · textremotewindows
https://www.exploit-db.com/exploits/18182
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://www.serv-u.com/releasenotes/
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47021
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18182
Scores
EPSS
0.0125
EPSS Percentile
79.4%
Details
CWE
CWE-22
Status
published
Products (50)
solarwinds/serv-u_file_server
3.0.0.16
solarwinds/serv-u_file_server
3.0.0.17
solarwinds/serv-u_file_server
3.1.0.0
solarwinds/serv-u_file_server
3.1.0.1
solarwinds/serv-u_file_server
3.1.0.3
solarwinds/serv-u_file_server
4.0.0.4
solarwinds/serv-u_file_server
4.1.0.0
solarwinds/serv-u_file_server
4.1.0.3
solarwinds/serv-u_file_server
5.0.0.0
solarwinds/serv-u_file_server
5.0.0.4
... and 40 more
Published
Dec 14, 2011
Tracked Since
Feb 18, 2026