Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cerberusftp Security Vulnerabilities

cve
cve

CVE-2004-2769

Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.

6.5AI Score

0.002EPSS

2022-10-03 04:14 PM
31
cve
cve

CVE-2012-2999

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a ...

7.4AI Score

0.002EPSS

2012-10-04 07:55 PM
27
cve
cve

CVE-2012-5301

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.

6.3AI Score

0.002EPSS

2012-10-04 07:55 PM
19
cve
cve

CVE-2012-6339

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote a...

5.4AI Score

0.002EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2017-6367

In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.

7.5CVSS

7.4AI Score

0.007EPSS

2017-03-14 09:59 AM
36
cve
cve

CVE-2019-25046

The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.

6.1CVSS

5.9AI Score

0.001EPSS

2021-06-10 12:15 PM
56
6
cve
cve

CVE-2020-5194

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without p...

5.4CVSS

5.3AI Score

0.001EPSS

2020-01-14 02:15 PM
42
cve
cve

CVE-2020-5195

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory pat...

6.1CVSS

6.1AI Score

0.002EPSS

2020-01-13 06:15 PM
49
cve
cve

CVE-2020-5196

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain perm...

8.1CVSS

7.8AI Score

0.002EPSS

2020-01-14 02:15 PM
70