Security Advisory Description Cerberus FTP Server administrators have the option to block end-users from uploading certain file types, identified by file name extension. When end-users attempt to upload or rename files, they encounter a permission error if the target...
Security Advisory Description When customers preview SVG files in the Cerberus FTP Server Web Client, it executes any scripts embedded within the SVG file in the context of the end-user’s session. This exposes the user to malicious scripts that may hijack the...
Security Advisory Description Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 are vulnerable to a permissions bypass when a user has zip/unzip permission. When zipping, users could zip files and folders that weren’t visible to them;...
You’ve been waiting and now it’s here: Cerberus FTP Server Version 11 is now available for new customers and active service agreement holders, with new features to keep your data and file transfers safe and secure. Cerberus FTP Server Version 11 offers the...
Security Advisory Description Cerberus FTP Server Enterprise Edition prior to versions 11.0.1 and 10.0.17 are vulnerable to a cross-site scripting (XSS) attack on Cerberus’ public share page. This XSS vulnerability allows a malicious public share to insert...
Security Advisory Description Cerberus FTP Server releases prior to 11.0.1 were vulnerable to brute force attacks for the 2FA code for a web client user or server administrator when using the Cerberus HOTP 2FA implementation. This vulnerability results from us...
