
CVE-2024-5052 – Resource consumption vulnerability in Cerberus FTP Enterprise
https://notcve.org/view.php?id=CVE-2024-5052
17 May 2024 — Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. • https://www.incibe.es/en/incibe-cert/notices/aviso/resource-consumption-vulnerability-cerberus-ftp-enterprise • CWE-400: Uncontrolled Resource Consumption •

CVE-2017-6880 – Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-6880
17 Mar 2017 — Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. • https://packetstorm.news/files/id/142502 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-6440
https://notcve.org/view.php?id=CVE-2008-6440
06 Mar 2009 — Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. • http://secunia.com/advisories/30344 • CWE-287: Improper Authentication •

CVE-2007-5930
https://notcve.org/view.php?id=CVE-2007-5930
10 Nov 2007 — Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/38789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2006-6366 – Cerberus Helpdesk 2.x - 'Spellwin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6366
07 Dec 2006 — Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/29222 •

CVE-2006-5428 – Cerberus Helpdesk 3.2.1 - 'Rpc.php' Unauthorized Access
https://notcve.org/view.php?id=CVE-2006-5428
20 Oct 2006 — rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. • https://www.exploit-db.com/exploits/28826 •

CVE-2006-4539
https://notcve.org/view.php?id=CVE-2006-4539
05 Sep 2006 — (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_company_tickets.php.diff?r1=1.6%3Br2=1.7%3Bf=h •

CVE-2006-0509 – Cerberus Helpdesk 2.7 - 'Clients.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0509
01 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. • https://www.exploit-db.com/exploits/27153 •

CVE-2005-4427 – Cerberus Helpdesk 2.649 - 'addresses_export.php?queues' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4427
20 Dec 2005 — Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. • https://www.exploit-db.com/exploits/26974 •

CVE-2005-4428
https://notcve.org/view.php?id=CVE-2005-4428
20 Dec 2005 — Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. • http://marc.info/?l=full-disclosure&m=113500878630130&w=2 •