1557 matches found
OESA-2026-2159 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
OESA-2026-2158 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
Exploit for CVE-2026-42167
Description This repository contains a functional exploit for...
Exploit for CVE-2026-42167
CVE-2026-42167 Master Exploit Tool A professional security re...
Exploit for CVE-2026-42167
\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...
SUSE CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Exploit for CVE-2026-42167
CVE-2026-42167 — ProFTPD modsql SQL Injection / Auth Bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-42167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Exploit for CVE-2026-42167
ProFTPD Vulnerability POCs Proof-of-concept demonstrations fo...
[slackware-security] proftpd
New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9a-i586-1slack15.0.txz: Upgraded. Fix for an SQL injection that may lead to authentication bypass, privilege escalation,...
CVE-2026-42167
modsql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Slackware Linux 15.0 / current proftpd Vulnerability (SSA:2026-118-01)
The version of proftpd installed on the remote host is prior to 1.3.9a. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-118-01 advisory. New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
ProFTPD SQL注入漏洞
ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions of ProFTPD prior to 1.3.10rc1 contained a SQL injection vulnerability. This vulnerability originated from the modsql module. In scenarios where USER requests with extensions like %U are recorded...
PT-2026-36217
Уязвимость модуля mod sql FTP-сервера ProFTPD связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольные команды...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
EUVD-2026-26157
modsql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
CVE-2026-42167
CVE-2026-42167 : A logic flaw in ProFTPD (mod_sql) allows unauthenticated SQL injection via logging of USER (e.g., %U). The root cause is a faulty is_escaped_text() heuristic in contrib/mod_sql.c that may treat attacker-controlled input as already escaped, leading to raw injection into SQL and po...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...