CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25046 – Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2019-25046
10 Jun 2021 — The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. El Cliente Web en Cerberus FTP Server Enterprise versiones anteriores a 10.0.19 y 11.x versiones anteriores a 11.0.4 permite un XSS por medio de un documento SVG • https://www.exploit-db.com/exploits/49981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5194
https://notcve.org/view.php?id=CVE-2020-5194
14 Jan 2020 — The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists. El endpoint de la API zip en Cerberus FTP Server versión 8, permite a un atacante autenticado sin permiso ... • https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-5196
https://notcve.org/view.php?id=CVE-2020-5196
14 Jan 2020 — Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission. Cerberus FTP Server Enterprise Editio... • https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5195
https://notcve.org/view.php?id=CVE-2020-5195
13 Jan 2020 — Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attack... • https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 52%CPEs: 1EXPL: 2CVE-2017-6367 – Cerberus FTP Server 8.0.10.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-6367
13 Mar 2017 — In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header. En Cerberus FTP Server 8.0.10.1, una petición HTTP manipulada provoca que el servicio de Windows se caiga. La metodología de ataque involucra una larga cabecera Host y una cabecera Content-Length no válida. Cerberus FTP Server version 8.0.10.1 suffers from a denial of service vulnerability. • https://packetstorm.news/files/id/141608 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 132EXPL: 1CVE-2012-6339
https://notcve.org/view.php?id=CVE-2012-6339
31 Dec 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en l... • http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 126EXPL: 0CVE-2012-5301
https://notcve.org/view.php?id=CVE-2012-5301
04 Oct 2012 — The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. La configuración por defecto de Cerberus FTP Server anteriores a v5.0.4.0 soporta el cifrado DES para sesiones SSH, lo que facilita a atacantes remotos obtener información sensible espiando la red y realizando un ataque de fuerza bruta sobre los da... • http://www.cerberusftp.com/products/releasenotes.html • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 97EXPL: 0CVE-2012-2999
https://notcve.org/view.php?id=CVE-2012-2999
04 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el interfase web de Cerberus FTP Server anteriores a v5.0.5.0, permite a atacantes remotos ... • http://www.cerberusftp.com/products/releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 79EXPL: 0CVE-2004-2769
https://notcve.org/view.php?id=CVE-2004-2769
02 Jul 2010 — Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. Cerberus FTP Server antes de v4.0.3.0 permite listar los archivos ocultos a usuarios remotos autenticados, incluso cuando la opción "Mostrar archivos ocultos" está deshabilitada, a través de los comandos (1) MLSD o (2) MLST. • http://secunia.com/advisories/40370 • CWE-264: Permissions, Privileges, and Access Controls •