
CVSS: 8.8 • EPSS: 0% • CPEs: 97 • EXPL: 0

04 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. • http://www.cerberusftp.com/products/releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.1 • EPSS: 0% • CPEs: 79 • EXPL: 0

02 Jul 2010 — Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. Cerberus FTP Server before v4.0.3.0 allows remote authenticated users to list hidden files, even when the "Show hidden files" option is disabled, via the (1) MLSD or (2) MLST commands. • http://secunia.com/advisories/40370 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

11 Oct 2009 — FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands. • https://www.exploit-db.com/exploits/33220

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 Feb 2008 — Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. • http://secunia.com/advisories/28760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2007 — Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/38789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 5% • CPEs: 16 • EXPL: 2

04 May 2006 — Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html

CVSS: 8.8 • EPSS: 6% • CPEs: 3 • EXPL: 0

08 Mar 2005 — Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042523.html

CVSS: 10.0 • EPSS: 1% • CPEs: 12 • EXPL: 0

23 Feb 2005 — ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519. • http://secunia.com/advisories/14372

CVSS: 10.0 • EPSS: 1% • CPEs: 12 • EXPL: 0

18 Feb 2005 — ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520. • http://secunia.com/advisories/14172

CVSS: 5.3 • EPSS: 1% • CPEs: 1 • EXPL: 0

31 Dec 2004 — ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. • http://marc.info/?l=bugtraq&m=110451582011666&w=2 • CWE-203: Observable Discrepancy