CVE-2020-5196

HIGH Year: 2020
CVSS v3 Score
8.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.

Related Vulnerabilities

CVE-2017-3209

HIGH
CVSS:8.1(High)

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP...

CWE-2762017

CVE-2019-9579

HIGH
CVSS:8.1(High)

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can chang...

CWE-2762019

CVE-2019-9682

HIGH
CVSS:8.1(High)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak securit...

CWE-2762019

CVE-2020-5906

HIGH
CVSS:8.1(High)

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin use...

CWE-2762020

CVE-2022-25364

HIGH
CVSS:8.1(High)

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the buil...

CWE-2762022