汇总 cerberus 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本与缓冲区溢出 相关,可能在 软件部署与生产负载 场景中带来 应用崩溃与内存损坏 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2017-6880 | Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. | [email protected] | 9.8 | 14.32% | 2017-03-17 | 2026-06-16 |
| CVE-2008-6440 | Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | [email protected] | 5.0 | 1.16% | 2009-03-06 | 2026-06-16 |
| CVE-2007-5930 | Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 1.22% | 2007-11-10 | 2026-06-16 |
| CVE-2006-6366 | Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 6.8 | 1.73% | 2006-12-07 | 2026-06-16 |
| CVE-2006-5428 | rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. | [email protected] | 5.0 | 2.71% | 2006-10-20 | 2026-06-16 |
| CVE-2006-4539 | (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | [email protected] | 7.5 | 1.76% | 2006-09-05 | 2026-06-16 |
| CVE-2006-0509 | Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. | [email protected] | 4.3 | 1.92% | 2006-02-01 | 2026-06-16 |
| CVE-2005-4428 | Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | [email protected] | 4.3 | 1.30% | 2005-12-20 | 2026-06-16 |
| CVE-2005-4427 | Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | [email protected] | 7.5 | 3.22% | 2005-12-20 | 2026-06-16 |
| CVE-2005-3502 | attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. | [email protected] | 5.0 | 1.55% | 2005-11-05 | 2026-06-16 |
| CVE-2005-1963 | Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. | [email protected] | 5.0 | 1.55% | 2005-06-16 | 2026-06-16 |
| CVE-2005-1962 | Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. | [email protected] | 4.3 | 1.26% | 2005-06-16 | 2026-06-16 |
| CVE-2003-1476 | Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. | [email protected] | 2.1 | 0.29% | 2003-12-31 | 2026-06-16 |