Vendor CVEs
Cerberus
All CVEs
45 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6880 | | Cri | 0.68 | 9.8 | 0.14 | | Mar 17, 2017 | Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. |
| CVE-2018-0714 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 13, 2018 | Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. |
| CVE-2026-6265 | | Hig | 0.57 | 8.8 | 0.00 | | Apr 27, 2026 | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1 |
| CVE-2009-4194 | | Hig | 0.56 | 8.1 | 0.03 | | Dec 3, 2009 | Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party… |
| CVE-2017-6367 | | Hig | 0.52 | 7.5 | 0.09 | | Mar 14, 2017 | In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header. |
| CVE-2019-25306 | | Hig | 0.51 | 7.8 | 0.00 | | Feb 11, 2026 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would… |
| CVE-2024-5052 | | Hig | 0.49 | 7.5 | 0.00 | | May 17, 2024 | Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. |
| CVE-2001-0827 | | Hig | 0.49 | 7.5 | 0.01 | | Dec 6, 2001 | Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. |
| CVE-2001-0702 | | | 0.04 | — | 0.10 | | Sep 20, 2001 | Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. |
| CVE-2000-1033 | | | 0.04 | — | 0.08 | | Dec 11, 2000 | Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. |
| CVE-2006-6366 | | | 0.03 | — | 0.02 | | Dec 7, 2006 | Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is… |
| CVE-2006-5428 | | | 0.03 | — | 0.03 | | Oct 20, 2006 | rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. |
| CVE-2006-0509 | | | 0.03 | — | 0.02 | | Feb 1, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. |
| CVE-2006-0357 | | | 0.03 | — | 0.03 | | Jan 22, 2006 | Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command. |
| CVE-2005-4427 | | | 0.03 | — | 0.03 | | Dec 20, 2005 | Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address… |
| CVE-2019-25588 | | | 0.00 | — | 0.00 | | Mar 22, 2026 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a… |
| CVE-2019-25587 | | | 0.00 | — | 0.00 | | Mar 22, 2026 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting… |
| CVE-2025-5635 | | | 0.00 | — | 0.01 | | Jun 5, 2025 | A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public… |
| CVE-2020-2507 | | | 0.00 | — | 0.03 | | Feb 3, 2021 | The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. |
| CVE-2018-19946 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already… |
| CVE-2018-19947 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. |
| CVE-2018-19948 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue… |
| CVE-2020-8635 | | | 0.00 | — | 0.01 | | Mar 6, 2020 | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying… |
| CVE-2019-19670 | | | 0.00 | — | 0.01 | | Feb 10, 2020 | A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. |
| CVE-2019-19661 | | | 0.00 | — | 0.01 | | Feb 10, 2020 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. |
| CVE-2019-19662 | | | 0.00 | — | 0.00 | | Feb 10, 2020 | A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. |
| CVE-2019-19659 | | | 0.00 | — | 0.00 | | Feb 10, 2020 | A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html. |
| CVE-2020-5194 | | | 0.00 | — | 0.01 | | Jan 14, 2020 | The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is… |
| CVE-2020-5195 | | | 0.00 | — | 0.01 | | Jan 13, 2020 | Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing… |
| CVE-2017-18486 | | | 0.00 | — | 0.05 | | Aug 9, 2019 | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the… |
| CVE-2012-6339 | | | 0.00 | — | 0.01 | | Dec 31, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and… |
| CVE-2012-5301 | | | 0.00 | — | 0.01 | | Oct 4, 2012 | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. |
| CVE-2012-2999 | | | 0.00 | — | 0.01 | | Oct 4, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service,… |
| CVE-2004-2769 | | | 0.00 | — | 0.01 | | Jul 2, 2010 | Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. |
| CVE-2008-6440 | | | 0.00 | — | 0.01 | | Mar 6, 2009 | Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. |
| CVE-2007-5930 | | | 0.00 | — | 0.01 | | Nov 10, 2007 | Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4539 | | | 0.00 | — | 0.02 | | Sep 5, 2006 | (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the… |
| CVE-2005-4428 | | | 0.00 | — | 0.01 | | Dec 20, 2005 | Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. |
| CVE-2005-3502 | | | 0.00 | — | 0.02 | | Nov 5, 2005 | attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. |
| CVE-2005-3467 | | | 0.00 | — | 0.02 | | Nov 2, 2005 | Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE:… |
| CVE-2005-1962 | | | 0.00 | — | 0.01 | | Jun 16, 2005 | Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. |
| CVE-2005-1963 | | | 0.00 | — | 0.02 | | Jun 16, 2005 | Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. |
| CVE-2003-1476 | | | 0.00 | — | 0.00 | | Dec 31, 2003 | Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. |
| CVE-2001-1295 | | | 0.00 | — | 0.02 | | Aug 21, 2001 | Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command. |
| CVE-2000-0479 | | | 0.00 | — | 0.02 | | Jun 16, 2000 | Dragon FTP server allows remote attackers to cause a denial of service via a long USER command. |