Cerberus

cerberus

13 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Cerberus Helpdesk

cerberus_helpdesk

Cerberus Ftp Server

cerberus_ftp_server

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-6880 1Cerberus 1Cerberus Ftp Server May 13, 2026 Mar 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
CVE-2008-6440 2Cerberus Webgroupmedia 2Cerberus Helpdesk Cerberus Helpdesk Apr 23, 2026 Mar 6, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2)...Show more Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.Show less
CVE-2007-5930 1Cerberus 1Ftp Server Apr 23, 2026 Nov 10, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6366 1Cerberus 1Helpdesk Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js...Show more Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2006-5428 1Cerberus 1Cerberus Helpdesk Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a...Show more rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.Show less
CVE-2006-4539 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Sep 5, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security...Show more (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-0509 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Feb 1, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecifie...Show more Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.Show less
CVE-2005-4428 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
CVE-2005-4427 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $...Show more Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.Show less
CVE-2005-3502 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Nov 5, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
CVE-2005-1963 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Jun 16, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error messag...Show more Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.Show less
CVE-2005-1962 1Cerberus 1Cerberus Helpdesk Apr 16, 2026 Jun 16, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
CVE-2003-1476 1Cerberus 1Ftp Server Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.