VYPR
Vendor: Cerberus

Products: 4
CVEs: 45
Across products: 45
Status: Private

Recent CVEs (45)
  • CVE-2017-6880 | Critical | Mar 17, 2017
    risk 0.68 | cvss 9.8 | epss 0.14

    Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.

  • CVE-2018-0714 | Critical | Aug 13, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.

  • CVE-2026-6265 | High | Apr 27, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1

  • CVE-2009-4194 | High | Dec 3, 2009
    risk 0.56 | cvss 8.1 | epss 0.03

    Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party…

  • CVE-2017-6367 | High | Mar 14, 2017
    risk 0.52 | cvss 7.5 | epss 0.09

    In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.

  • CVE-2019-25306 | High | Feb 11, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would…

  • CVE-2024-5052 | High | May 17, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.

  • CVE-2001-0827 | High | Dec 6, 2001
    risk 0.49 | cvss 7.5 | epss 0.01

    Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

  • CVE-2001-0702 | Sep 20, 2001
    risk 0.04 | cvss (not listed) | epss 0.10

    Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.

  • CVE-2000-1033 | Dec 11, 2000
    risk 0.04 | cvss (not listed) | epss 0.08

    Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.

  • CVE-2006-6366 | Dec 7, 2006
    risk 0.03 | cvss (not listed) | epss 0.02

    Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is…

  • CVE-2006-5428 | Oct 20, 2006
    risk 0.03 | cvss (not listed) | epss 0.03

    rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.

  • CVE-2006-0509 | Feb 1, 2006
    risk 0.03 | cvss (not listed) | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.

  • CVE-2006-0357 | Jan 22, 2006
    risk 0.03 | cvss (not listed) | epss 0.03

    Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.

  • CVE-2005-4427 | Dec 20, 2005
    risk 0.03 | cvss (not listed) | epss 0.03

    Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address…

  • CVE-2019-25588 | Mar 22, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a…

  • CVE-2019-25587 | Mar 22, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting…

  • CVE-2025-5635 | Jun 5, 2025
    risk 0.00 | cvss (not listed) | epss 0.01

    A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2020-2507 | Feb 3, 2021
    risk 0.00 | cvss (not listed) | epss 0.03

    The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

  • CVE-2018-19946 | Sep 11, 2020
    risk 0.00 | cvss (not listed) | epss 0.00

    The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already…