Vulnerabilities > Cerberusftp

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2019-25046 Cross-site Scripting vulnerability in Cerberusftp FTP Server
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
4.3
2020-01-14 CVE-2020-5196 Incorrect Default Permissions vulnerability in Cerberusftp FTP Server
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.
network
low complexity
cerberusftp CWE-276
5.5
2020-01-14 CVE-2020-5194 Incorrect Authorization vulnerability in Cerberusftp FTP Server 8.0
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint.
network
low complexity
cerberusftp CWE-863
5.5
2020-01-13 CVE-2020-5195 Cross-site Scripting vulnerability in Cerberusftp FTP Server
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL.
4.3
2017-03-14 CVE-2017-6367 Improper Input Validation vulnerability in Cerberusftp FTP Server 8.0.10.1
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash.
network
low complexity
cerberusftp CWE-20
5.0
2012-12-31 CVE-2012-6339 Cross-Site Scripting vulnerability in Cerberusftp FTP Server
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
4.3
2012-10-04 CVE-2012-5301 Cryptographic Issues vulnerability in Cerberusftp FTP Server
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.
network
low complexity
cerberusftp CWE-310
5.0
2012-10-04 CVE-2012-2999 Cross-Site Request Forgery (CSRF) vulnerability in Cerberusftp FTP Server
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.
6.8
2010-07-02 CVE-2004-2769 Permissions, Privileges, and Access Controls vulnerability in Cerberusftp FTP Server
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
network
low complexity
cerberusftp CWE-264
4.0