Show filters
9 Total Results
Displaying 1-9 of 9
Sort by:
Attacker Value
Unknown
CVE-2012-6339
Disclosure Date: December 31, 2012 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
0
Attacker Value
Unknown
CVE-2012-4729
Disclosure Date: October 26, 2012 (last updated October 05, 2023)
Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.
0
Attacker Value
Unknown
CVE-2012-2999
Disclosure Date: October 04, 2012 (last updated October 05, 2023)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.
0
Attacker Value
Unknown
CVE-2012-5301
Disclosure Date: October 04, 2012 (last updated October 05, 2023)
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.
0
Attacker Value
Unknown
CVE-2004-2769
Disclosure Date: July 02, 2010 (last updated October 04, 2023)
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
0
Attacker Value
Unknown
CVE-2010-2428
Disclosure Date: June 24, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
0
Attacker Value
Unknown
CVE-2006-4847
Disclosure Date: September 19, 2006 (last updated October 12, 2023)
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
0
Attacker Value
Unknown
CVE-2004-1848
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
0
Attacker Value
Unknown
CVE-2004-1884
Disclosure Date: March 23, 2004 (last updated February 22, 2025)
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
0
