CVE-2004-2532

EPSS 15.7%

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/381unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16925 http://www.osvdb.org/8877 http://www.securityfocus.com/bid/10886