CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2017-6880 – Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-6880
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. Desbordamiento de búfer en Cerberus FTP Server 8.0.10.3 permite a atacantes remotos provocar una denegación de servicio (fallo del demonio) o posiblemente tener otro impacto no especificado a través de un comando largo MLST. • https://www.exploit-db.com/exploits/41620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5930
https://notcve.org/view.php?id=CVE-2007-5930
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz web del servidor FTP Cerberus anterior al 2.46, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://osvdb.org/38789 http://secunia.com/advisories/27569 http://www.cerberusftp.com/cerberus-releasenotes.htm#ReleaseNotes http://www.securityfocus.com/bid/26381 http://www.vupen.com/english/advisories/2007/3805 https://exchange.xforce.ibmcloud.com/vulnerabilities/38320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1476
https://notcve.org/view.php?id=CVE-2003-1476
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. • http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues http://www.securityfocus.com/bid/7556 •