Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities by cerberusftp
CVE-2026-6265 (GCVE-0-2026-6265)
Vulnerability from nvd – Published: 2026-04-27 13:00 – Updated: 2026-04-27 13:58- CWE-278 - Insecure preserved inherited permissions
| URL | Tags |
|---|---|
| https://www.cerberusftp.com/releasenotes/ | release-notes |
| https://labs.reversec.com/advisories/2026/04/cerb… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cerberus | Cerberus FTP Server |
Affected:
0 , ≤ 2025.4.2
(custom)
Unaffected: 2026.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:58:10.924454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:58:14.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cerberus FTP Server",
"vendor": "Cerberus",
"versions": [
{
"lessThanOrEqual": "2025.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharan Patil with Reversec"
}
],
"datePublic": "2026-04-27T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.\u003cp\u003eThis issue has been resolved in Cerberus FTP Server: 2026.1\u003c/p\u003e"
}
],
"value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278 Insecure preserved inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:00:10.309Z",
"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"shortName": "NCSC-FI"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://www.cerberusftp.com/releasenotes/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in Cerberus FTP Server =\u003c 2025.4.2",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"assignerShortName": "NCSC-FI",
"cveId": "CVE-2026-6265",
"datePublished": "2026-04-27T13:00:10.309Z",
"dateReserved": "2026-04-14T05:18:04.414Z",
"dateUpdated": "2026-04-27T13:58:14.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25046 (GCVE-0-2019-25046)
Vulnerability from nvd – Published: 2021-06-10 11:39 – Updated: 2024-08-05 03:00- n/a
| URL | Tags |
|---|---|
| https://www.cerberusftp.com/products/releasenotes/ | x_refsource_MISC |
| https://www.cerberusftp.com/xss-vulnerability-whe… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T11:39:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cerberusftp.com/products/releasenotes/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"name": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25046",
"datePublished": "2021-06-10T11:39:28.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:00:18.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5194 (GCVE-0-2020-5194)
Vulnerability from nvd – Published: 2020-01-14 13:34 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T13:34:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5194",
"datePublished": "2020-01-14T13:34:06.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5196 (GCVE-0-2020-5196)
Vulnerability from nvd – Published: 2020-01-14 13:29 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
| https://www.cerberusftp.com/zip-unzip-permission-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T13:29:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"name": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5196",
"datePublished": "2020-01-14T13:29:01.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5195 (GCVE-0-2020-5195)
Vulnerability from nvd – Published: 2020-01-13 17:29 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
| https://www.cerberusftp.com/xss-vulnerability-in-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-13T17:29:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"name": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5195",
"datePublished": "2020-01-13T17:29:36.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6367 (GCVE-0-2017-6367)
Vulnerability from nvd – Published: 2017-03-14 09:02 – Updated: 2024-08-05 15:25- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96887 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/41596/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41596/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41596/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41596/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6367",
"datePublished": "2017-03-14T09:02:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6339 (GCVE-0-2012-6339)
Vulnerability from nvd – Published: 2012-12-31 11:00 – Updated: 2024-09-16 20:16- n/a
| URL | Tags |
|---|---|
| http://sadgeeksinsnow.blogspot.com/2012/12/persis… | x_refsource_MISC |
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html",
"refsource": "MISC",
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6339",
"datePublished": "2012-12-31T11:00:00.000Z",
"dateReserved": "2012-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:37.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5301 (GCVE-0-2012-5301)
Vulnerability from nvd – Published: 2012-10-04 19:00 – Updated: 2024-08-06 21:05- n/a
| URL | Tags |
|---|---|
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:45.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5301",
"datePublished": "2012-10-04T19:00:00.000Z",
"dateReserved": "2012-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:45.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2999 (GCVE-0-2012-2999)
Vulnerability from nvd – Published: 2012-10-04 19:00 – Updated: 2024-08-06 19:50- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/989684 | third-party-advisoryx_refsource_CERT-VN |
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/55788 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#989684",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#989684",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#989684",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2999",
"datePublished": "2012-10-04T19:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2769 (GCVE-0-2004-2769)
Vulnerability from nvd – Published: 2010-07-02 20:00 – Updated: 2024-09-17 04:23- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/40370 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cerberusftp.com/phpBB3/viewtopic.php?f… | x_refsource_CONFIRM |
| http://www.cerberusftp.com/releasenotes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/41285 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40370"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the \"Display hidden files\" option is enabled, via the (1) MLSD or (2) MLST commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-02T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40370"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the \"Display hidden files\" option is enabled, via the (1) MLSD or (2) MLST commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40370"
},
{
"name": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"name": "http://www.cerberusftp.com/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2769",
"datePublished": "2010-07-02T20:00:00.000Z",
"dateReserved": "2010-07-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:23:58.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-6265 (GCVE-0-2026-6265)
Vulnerability from cvelistv5 – Published: 2026-04-27 13:00 – Updated: 2026-04-27 13:58- CWE-278 - Insecure preserved inherited permissions
| URL | Tags |
|---|---|
| https://www.cerberusftp.com/releasenotes/ | release-notes |
| https://labs.reversec.com/advisories/2026/04/cerb… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cerberus | Cerberus FTP Server |
Affected:
0 , ≤ 2025.4.2
(custom)
Unaffected: 2026.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:58:10.924454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:58:14.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cerberus FTP Server",
"vendor": "Cerberus",
"versions": [
{
"lessThanOrEqual": "2025.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2026.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharan Patil with Reversec"
}
],
"datePublic": "2026-04-27T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.\u003cp\u003eThis issue has been resolved in Cerberus FTP Server: 2026.1\u003c/p\u003e"
}
],
"value": "Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278 Insecure preserved inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:00:10.309Z",
"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"shortName": "NCSC-FI"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://www.cerberusftp.com/releasenotes/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://labs.reversec.com/advisories/2026/04/cerberus-ftp-server-elevation-of-privileges"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in Cerberus FTP Server =\u003c 2025.4.2",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
"assignerShortName": "NCSC-FI",
"cveId": "CVE-2026-6265",
"datePublished": "2026-04-27T13:00:10.309Z",
"dateReserved": "2026-04-14T05:18:04.414Z",
"dateUpdated": "2026-04-27T13:58:14.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25046 (GCVE-0-2019-25046)
Vulnerability from cvelistv5 – Published: 2021-06-10 11:39 – Updated: 2024-08-05 03:00- n/a
| URL | Tags |
|---|---|
| https://www.cerberusftp.com/products/releasenotes/ | x_refsource_MISC |
| https://www.cerberusftp.com/xss-vulnerability-whe… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T11:39:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cerberusftp.com/products/releasenotes/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"name": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25046",
"datePublished": "2021-06-10T11:39:28.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:00:18.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5194 (GCVE-0-2020-5194)
Vulnerability from cvelistv5 – Published: 2020-01-14 13:34 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T13:34:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5194",
"datePublished": "2020-01-14T13:34:06.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5196 (GCVE-0-2020-5196)
Vulnerability from cvelistv5 – Published: 2020-01-14 13:29 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
| https://www.cerberusftp.com/zip-unzip-permission-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T13:29:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"name": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5196",
"datePublished": "2020-01-14T13:29:01.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5195 (GCVE-0-2020-5195)
Vulnerability from cvelistv5 – Published: 2020-01-13 17:29 – Updated: 2024-08-04 08:22- n/a
| URL | Tags |
|---|---|
| https://support.cerberusftp.com/hc/en-us/communit… | x_refsource_MISC |
| https://www.doyler.net/security-not-included/cerb… | x_refsource_MISC |
| https://www.cerberusftp.com/xss-vulnerability-in-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-13T17:29:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
"refsource": "MISC",
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"
},
{
"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
"refsource": "MISC",
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"name": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/",
"refsource": "MISC",
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5195",
"datePublished": "2020-01-13T17:29:36.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6367 (GCVE-0-2017-6367)
Vulnerability from cvelistv5 – Published: 2017-03-14 09:02 – Updated: 2024-08-05 15:25- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96887 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/41596/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41596/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41596/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41596/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6367",
"datePublished": "2017-03-14T09:02:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6339 (GCVE-0-2012-6339)
Vulnerability from cvelistv5 – Published: 2012-12-31 11:00 – Updated: 2024-09-16 20:16- n/a
| URL | Tags |
|---|---|
| http://sadgeeksinsnow.blogspot.com/2012/12/persis… | x_refsource_MISC |
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html",
"refsource": "MISC",
"url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html"
},
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server \u003c= 5.0.5.1 [CVE-2012-6339]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6339",
"datePublished": "2012-12-31T11:00:00.000Z",
"dateReserved": "2012-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:37.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5301 (GCVE-0-2012-5301)
Vulnerability from cvelistv5 – Published: 2012-10-04 19:00 – Updated: 2024-08-06 21:05- n/a
| URL | Tags |
|---|---|
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:45.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "cerberus-ftp-info-disclosure(79503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5301",
"datePublished": "2012-10-04T19:00:00.000Z",
"dateReserved": "2012-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:45.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2999 (GCVE-0-2012-2999)
Vulnerability from cvelistv5 – Published: 2012-10-04 19:00 – Updated: 2024-08-06 19:50- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/989684 | third-party-advisoryx_refsource_CERT-VN |
| http://www.cerberusftp.com/products/releasenotes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/55788 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#989684",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#989684",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#989684",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2999",
"datePublished": "2012-10-04T19:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2769 (GCVE-0-2004-2769)
Vulnerability from cvelistv5 – Published: 2010-07-02 20:00 – Updated: 2024-09-17 04:23- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/40370 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cerberusftp.com/phpBB3/viewtopic.php?f… | x_refsource_CONFIRM |
| http://www.cerberusftp.com/releasenotes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/41285 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40370"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the \"Display hidden files\" option is enabled, via the (1) MLSD or (2) MLST commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-02T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40370"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the \"Display hidden files\" option is enabled, via the (1) MLSD or (2) MLST commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40370"
},
{
"name": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4\u0026t=644"
},
{
"name": "http://www.cerberusftp.com/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/releasenotes.html"
},
{
"name": "41285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2769",
"datePublished": "2010-07-02T20:00:00.000Z",
"dateReserved": "2010-07-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:23:58.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202001-1602
Vulnerability from variot - Updated: 2023-12-18 12:17Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker. Cerberus FTP Server Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Cerberus FTP Server is a multi-channel Windows FTP server. In addition to the regular FTP functions, it also provides users with file access and management permissions, and can perform connection restrictions, time, IP access, and multipath priority settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1602",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ftp server",
"scope": "lt",
"trust": 1.4,
"vendor": "cerberus",
"version": "11.0.1"
},
{
"model": "ftp server",
"scope": "lt",
"trust": 1.4,
"vendor": "cerberus",
"version": "10.0.17"
},
{
"model": "ftp server",
"scope": "lt",
"trust": 1.0,
"vendor": "cerberusftp",
"version": "10.0.17"
},
{
"model": "ftp server",
"scope": "gte",
"trust": 1.0,
"vendor": "cerberusftp",
"version": "11.0.0"
},
{
"model": "ftp server",
"scope": "lt",
"trust": 1.0,
"vendor": "cerberusftp",
"version": "11.0.1"
},
{
"model": "ftp server",
"scope": "gte",
"trust": 1.0,
"vendor": "cerberusftp",
"version": "10.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5195"
}
]
},
"cve": "CVE-2020-5195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-5195",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-07242",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-5195",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5195",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-07242",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-423",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker. Cerberus FTP Server Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Cerberus FTP Server is a multi-channel Windows FTP server. In addition to the regular FTP functions, it also provides users with file access and management permissions, and can perform connection restrictions, time, IP access, and multipath priority settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "CNVD",
"id": "CNVD-2020-07242"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5195",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-07242",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"id": "VAR-202001-1602",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
}
]
},
"last_update_date": "2023-12-18T12:17:22.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Announcements",
"trust": 0.8,
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-announcements"
},
{
"title": "XSS Vulnerability in Public Shares fixed in Cerberus FTP Server version 11.0.1 and 10.0.17",
"trust": 0.8,
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
},
{
"title": "Patch for Cerberus FTP Server Cross-Site Scripting Vulnerability (CNVD-2020-07242)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/200639"
},
{
"title": "Cerberus FTP Server Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106777"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"
},
{
"trust": 1.6,
"url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-announcements"
},
{
"trust": 1.6,
"url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5195"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5195"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"date": "2020-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"date": "2020-01-13T18:15:14.610000",
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"date": "2020-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-07242"
},
{
"date": "2020-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001388"
},
{
"date": "2020-01-22T16:05:31.283000",
"db": "NVD",
"id": "CVE-2020-5195"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cerberus FTP Server Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-423"
}
],
"trust": 0.6
}
}