CVSS: 7.8EPSS: 52%CPEs: 1EXPL: 2CVE-2015-7601 – PCMan FTP Server 2.0.7 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-7601
29 Sep 2015 — Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. Vulnerabilidad de salto de directorio en PCMan's FTP Server 2.0.7, permite a atacantes remotos leer archivos arbitrarios a través de un ..// (punto punto doble barra) en un comando RETR. • https://packetstorm.news/files/id/181001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 75%CPEs: 1EXPL: 15CVE-2013-4730 – PCMan FTP Server 2.0 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4730
28 Jun 2013 — Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. Desbordamiento de buffer en PCMan's FTP Server 2.0.7 permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en un comando USER. • https://packetstorm.news/files/id/122204 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.8EPSS: 0%CPEs: 132EXPL: 1CVE-2012-6339
https://notcve.org/view.php?id=CVE-2012-6339
31 Dec 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en l... • http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 126EXPL: 0CVE-2012-5301
https://notcve.org/view.php?id=CVE-2012-5301
04 Oct 2012 — The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. La configuración por defecto de Cerberus FTP Server anteriores a v5.0.4.0 soporta el cifrado DES para sesiones SSH, lo que facilita a atacantes remotos obtener información sensible espiando la red y realizando un ataque de fuerza bruta sobre los da... • http://www.cerberusftp.com/products/releasenotes.html • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 97EXPL: 0CVE-2012-2999
https://notcve.org/view.php?id=CVE-2012-2999
04 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el interfase web de Cerberus FTP Server anteriores a v5.0.5.0, permite a atacantes remotos ... • http://www.cerberusftp.com/products/releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 79EXPL: 0CVE-2004-2769
https://notcve.org/view.php?id=CVE-2004-2769
02 Jul 2010 — Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. Cerberus FTP Server antes de v4.0.3.0 permite listar los archivos ocultos a usuarios remotos autenticados, incluso cuando la opción "Mostrar archivos ocultos" está deshabilitada, a través de los comandos (1) MLSD o (2) MLST. • http://secunia.com/advisories/40370 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5930
https://notcve.org/view.php?id=CVE-2007-5930
10 Nov 2007 — Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz web del servidor FTP Cerberus anterior al 2.46, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://osvdb.org/38789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •