This might be proprietary software.
|2020-01-14||CVE-2020-5194||The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists.||Ftp_server||N/A|
|2020-01-14||CVE-2020-5196||Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.||Ftp_server||N/A|
|2017-03-14||CVE-2017-6367||In Cerberus FTP Server 18.104.22.168, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.||Ftp_server||7.5|
|2012-12-31||CVE-2012-6339||Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 22.214.171.124 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.||Ftp_server||N/A|
|2012-10-04||CVE-2012-5301||The default configuration of Cerberus FTP Server before 126.96.36.199 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.||Ftp_server||N/A|
|2012-10-04||CVE-2012-2999||Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 188.8.131.52 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.||Ftp_server||N/A|
|2010-07-02||CVE-2004-2769||Cerberus FTP Server before 184.108.40.206 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.||Ftp_server||N/A|