125 matches found
CVE-2010-4652
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
CVE-2010-4221
Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...
DEBIAN-CVE-2010-4221
Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...
CVE-2009-3639
The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...
proftpd -- Long Command Processing Vulnerability
Secunia reports: The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user...
DEBIAN-CVE-2006-6563
Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...
CVE-2006-6171
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...
PT-2006-1003 · Proftpd · Proftpd
Name of the Vulnerable Software and Affected Versions: ProFTPD version 1.3.0 and earlier Description: The issue is related to a stack-based buffer overflow in the sreplace function, which can be exploited by remote attackers to cause a denial of service and potentially execute arbitrary code. Thi...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
ProFTPD < 1.2.11 Remote User Enumeration
Binary data 2393.prm...
ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
No description provided by source. / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at...
ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
Exploit for linux platform in category remote exploits ================================================== ProFTPD include include include include define PORT 21 define PROBE 8 main int argc, char argv int sock,n,y; long dist,stat=0; struct sockaddrin sin; char buf1024, buf21024; struct timeval t...
ProFTPd 1.2.10 - Remote Users Enumeration
/ Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at the ProFTPd login procedure. There ...
ProFTPD Login Timing Account Name Enumeration
The remote ProFTPd server is as old or older than 1.2.10 It is possible to determine which user names are valid on the remote host based on timing analysis attack of the login procedure. An attacker may use this flaw to set up a list of valid usernames for a more efficient brute-force attack...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
Debian DSA-029-2 : proftpd - remote DOS & potential buffer overflow
The following problems have been reported for the version of proftpd in Debian 2.2 potato : - There is a memory leak in the SIZE command which can result in a denial of service, as reported by Wojciech Purczynski. This is only a problem if proftpd cannot write to its scoreboard file; the default...
GLSA-200405-09 : ProFTPD Access Control List bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-200405-09 ProFTPD Access Control List bypass vulnerability ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs such as 10.0.0.1/24 to be bypassed. The CIDR ACLs are disregarded, with the net effect being similar t...
ProFTPd < 1.2.0pre6 mkdir Command Overflow
Binary data 1843.prm...
ProFTPd ASCII Newline Character Overflow
Binary data 1844.prm...
ProFTPd Local pr_ctrls_connect Vuln - ftpdctl
Exploit for linux platform in category local exploits ============================================= ProFTPd Local prctrlsconnect Vuln - ftpdctl ============================================= / This is simple local exploit Proof of Concept? for local bug in ProFTPd not in default options must be...