VYPR

FTP Server

by Cerberus

CVEs (27)

  • CVE-2017-6880 | Cri | Mar 17, 2017
    risk 0.68 | cvss 9.8 | epss 0.14

    Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.

  • CVE-2026-6265 | Hig | Apr 27, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1

  • CVE-2009-4194 | Hig | Dec 3, 2009
    risk 0.56 | cvss 8.1 | epss 0.03

    Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party…

  • CVE-2017-6367 | Hig | Mar 14, 2017
    risk 0.52 | cvss 7.5 | epss 0.09

    In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.

  • CVE-2019-25306 | Hig | Feb 11, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would…

  • CVE-2001-0827 | Hig | Dec 6, 2001
    risk 0.49 | cvss 7.5 | epss 0.01

    Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

  • CVE-2000-1033 | Dec 11, 2000
    risk 0.04 | cvss | epss 0.08

    Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.

  • CVE-2006-0357 | Jan 22, 2006
    risk 0.03 | cvss | epss 0.03

    Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.

  • CVE-2019-25588 | Mar 22, 2026
    risk 0.00 | cvss | epss 0.00

    BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a…

  • CVE-2019-25587 | Mar 22, 2026
    risk 0.00 | cvss | epss 0.00

    BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting…

  • CVE-2025-5635 | Jun 5, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2020-8635 | Mar 6, 2020
    risk 0.00 | cvss | epss 0.01

    Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying…

  • CVE-2019-19670 | Feb 10, 2020
    risk 0.00 | cvss | epss 0.01

    An HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.

  • CVE-2019-19661 | Feb 10, 2020
    risk 0.00 | cvss | epss 0.01

    A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.

  • CVE-2019-19662 | Feb 10, 2020
    risk 0.00 | cvss | epss 0.00

    A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html.

  • CVE-2019-19659 | Feb 10, 2020
    risk 0.00 | cvss | epss 0.00

    A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.

  • CVE-2020-5194 | Jan 14, 2020
    risk 0.00 | cvss | epss 0.01

    The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is…

  • CVE-2020-5195 | Jan 13, 2020
    risk 0.00 | cvss | epss 0.01

    Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing…

  • CVE-2012-6339 | Dec 31, 2012
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and…

  • CVE-2012-5301 | Oct 4, 2012
    risk 0.00 | cvss | epss 0.01

    The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.

Page 1 of 2