Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SolarWinds Serv-U FTP Server 授权问题漏洞
Vulnerability Description
SolarWinds Serv-U FTP Server是美国SolarWinds公司的一套FTP和MFT文件传输软件。 SolarWinds Serv-U before 15.2.2 Hotfix 1 存在安全漏洞,该漏洞源于有一个目录包含用户配置文件(其中包括用户的密码散列),它是可读和可写的。
CVSS Information
N/A
Vulnerability Type
N/A