16 results (0.024 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. El Cliente Web en Cerberus FTP Server Enterprise versiones anteriores a 10.0.19 y 11.x versiones anteriores a 11.0.4 permite un XSS por medio de un documento SVG • https://www.exploit-db.com/exploits/49981 https://www.cerberusftp.com/products/releasenotes https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2

The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets. La aplicación Olive Tree FTP Server (también conocida como com.theolivetree.ftpserver), hasta la versión 1.32 para Android, permite a los atacantes remotos provocar una denegación de servicio (DoS) y dejar determinados paquetes. • https://www.exploit-db.com/exploits/46464 https://www.youtube.com/watch?v=C8Nz3YmVc_g •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 solo devuelve el nombre de usuario en la respuesta del servidor si el nombre de usuario no es válido. Un atacante podría usar esta información para determinar cuentas de usuario válidas y enumerarlas. • https://www.kb.cert.org/vuls/id/745607 https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf https://www.securityfocus.com/bid/96154 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-204: Observable Response Discrepancy •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 emplea el componente de flash Accusoft Prizm Content, que contiene múltiples parámetros (customTabCategoryName, customButton1Image) que son vulnerables a Cross-Site Scripting (XSS). • https://www.kb.cert.org/vuls/id/745607 https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf https://www.securityfocus.com/bid/96154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 4.3EPSS: 0%CPEs: 132EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz web administrativa de Cerberus FTP Server antes de v5.0.6.0 permite (1) atacantes remotos inyectar secuencias de comandos web o HTML a través de una entrada de registro que no se utilizan con cuidado dentro del componente Log Manager, y podría permitir (2) a los administradores remotos autenticados inyectar secuencias de comandos web o HTML a través de un campo Messages al programa servermanager. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html http://www.cerberusftp.com/products/releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •