) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cerberusftp:ftp_server:3.0.5:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2012-6339 |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program. Published: December 31, 2012; 6:50:28 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5301 |
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. Published: October 04, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2012-2999 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify. Published: October 04, 2012; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-2769 |
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. Published: July 02, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |