cbcvebase.

Cerberusftp Ftp Server vulnerabilities

10 known vulnerabilities affecting cerberusftp/ftp_server.

Total CVEs
10
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2017-6367P3HIGHCVSS 7.5PoCv8.0.10.12017-03-14
CVE-2017-6367 [HIGH] CWE-20 CVE-2017-6367: In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The att In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
nvd
CVE-2019-25046P3MEDIUMCVSS 6.1PoCfixed in 10.0.19≥ 11.0.0, < 11.0.42021-06-10
CVE-2019-25046 [MEDIUM] CWE-79 CVE-2019-25046: The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS vi The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
nvd
CVE-2026-6265P3HIGHCVSS 8.8fixed in 2026.12026-04-27
CVE-2026-6265 [HIGH] CWE-278 CVE-2026-6265: Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Priv Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
nvd
CVE-2020-5196P3HIGHCVSS 8.1≥ 10.0.0, < 10.0.18≥ 11.0.0, < 11.0.32020-01-14
CVE-2020-5196 [HIGH] CWE-276 CVE-2020-5196: Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a res
nvd
CVE-2020-5194P4MEDIUMCVSS 5.4v8.02020-01-14
CVE-2020-5194 [MEDIUM] CWE-639 CVE-2020-5194: The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permissio The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do
nvd
CVE-2020-5195P4MEDIUMCVSS 6.1≥ 10.0.0, < 10.0.17≥ 11.0.0, < 11.0.12020-01-13
CVE-2020-5195 [MEDIUM] CWE-79 CVE-2020-5195: Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 all Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly sh
nvd
CVE-2012-2999P4MEDIUMCVSS 6.8≤ 5.0.4.3v1.0+81 more2012-10-04
CVE-2012-2999 [MEDIUM] CWE-352 CVE-2012-2999: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Serv Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.
nvd
CVE-2012-5301P4MEDIUMCVSS 5.0≤ 5.0.3.1v1.0+110 more2012-10-04
CVE-2012-5301 [MEDIUM] CWE-310 CVE-2012-5301: The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sess The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.
nvd
CVE-2012-6339P4MEDIUMCVSS 4.3≤ 5.0.5.1v1.0+116 more2012-12-31
CVE-2012-6339 [MEDIUM] CWE-79 CVE-2012-6339: Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web scri
nvd
CVE-2004-2769P4MEDIUMCVSS 4.0≤ 4.0.2.2v1.0+63 more2010-07-02
CVE-2004-2769 [MEDIUM] CWE-264 CVE-2004-2769: Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
nvd
Cerberusftp Ftp Server vulnerabilities | cvebase