CVE-2024-5052 – Resource consumption vulnerability in Cerberus FTP Enterprise
https://notcve.org/view.php?id=CVE-2024-5052
Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. Vulnerabilidad de denegación de servicio (DoS) para la administración web de Cerberus Enterprise 8.0.10.3. La vulnerabilidad existe cuando el servidor web, puerto predeterminado 10001, intenta procesar una gran cantidad de solicitudes HTTP incompletas. • https://www.incibe.es/en/incibe-cert/notices/aviso/resource-consumption-vulnerability-cerberus-ftp-enterprise • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-6880 – Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-6880
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. Desbordamiento de búfer en Cerberus FTP Server 8.0.10.3 permite a atacantes remotos provocar una denegación de servicio (fallo del demonio) o posiblemente tener otro impacto no especificado a través de un comando largo MLST. • https://www.exploit-db.com/exploits/41620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-6440
https://notcve.org/view.php?id=CVE-2008-6440
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. Cerberus Helpdesk versiones anteriores a v4.0 (Build 600) permite a atacantes remotos obtener información sensible a través de peticiones directas para "controladores ... que no están en páginas estándar de ayuda," posiblemente envolviendo las URIs (1) /display y (2) /kb. • http://secunia.com/advisories/30344 http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599 http://www.securityfocus.com/bid/29335 • CWE-287: Improper Authentication •
CVE-2007-5930
https://notcve.org/view.php?id=CVE-2007-5930
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz web del servidor FTP Cerberus anterior al 2.46, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://osvdb.org/38789 http://secunia.com/advisories/27569 http://www.cerberusftp.com/cerberus-releasenotes.htm#ReleaseNotes http://www.securityfocus.com/bid/26381 http://www.vupen.com/english/advisories/2007/3805 https://exchange.xforce.ibmcloud.com/vulnerabilities/38320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-6366 – Cerberus Helpdesk 2.x - 'Spellwin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6366
Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/elements/spellcheck/spellwin.php de Cerberus Helpdesk 0.97.3, 2.0 hasta 2.7, 3.2.1, y 3.3 permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección mediante el parámetro js. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/29222 http://secunia.com/advisories/23193 http://www.securityfocus.com/bid/21423 http://www.vupen.com/english/advisories/2006/4875 https://exchange.xforce.ibmcloud.com/vulnerabilities/30719 •