
1565 matches found

Cvelist
added 2005/07/27 4:00 a.m., 30 views

CVE-2005-2390

Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive...

AI score: 6.4 | EPSS: 0.09198
Exploits: 0 | References: 6
CVE
added 2005/07/27 4:00 a.m., 77 views

CVE-2005-2390

CVE-2005-2390 affects ProFTPD prior to 1.3.0rc2, where two format string vulnerabilities exist: one in the shutdown message generated by ftpshut and another in the mod_sql directive SQLShowInfo. The vulnerabilities can lead to information disclosure and a denial of service, with potential for arb...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.09198
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2005/07/27 12:00 a.m., 34 views

ProFTPD < 1.3.0rc2 Multiple Remote Format Strings

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host suffers from multiple format string vulnerabilities, one involving the 'ftpshut' utility and the other in mod_sql's 'SQLShowInfo' directive...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.09198
Exploits: 0 | References: 2
Tenable Nessus
added 2005/07/26 12:00 a.m., 16 views

ProFTPD < 1.3.0rc2 Multiple Format Strings

Binary data 3113.prm...

CVSS: 6.6 | AI score: 7.3 | EPSS: 0.09198
Exploits: 1 | References: 3
securityvulns
added 2005/07/26 12:00 a.m., 39 views

ProFTPD format string vulnerabilities

Format string in directory name on shutdown message...

AI score: 2.5
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2005/07/26 12:00 a.m., 19 views

[SA16181] ProFTPD Two Format String Vulnerabilities

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

Exploits: 0
FreeBSD
added 2005/07/26 12:00 a.m., 22 views

proftpd -- format string vulnerabilities

The ProFTPD release notes state: sean found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited. These...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.09198
Exploits: 0 | References: 2
Tenable Nessus
added 2005/07/13 12:00 a.m., 7 views

Slackware 8.1 / 9.0 / current : ProFTPD Security Advisory (SSA:2003-259-02)

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

AI score: 5.4
Exploits: 0 | References: 1
CVE
added 2005/06/21 4:00 a.m., 52 views

CVE-2001-1500

ProFTPD 1.2.2rc2 (and possibly other versions) is affected by a DNS validation issue where reverse-resolved hostnames are not properly verified via forward resolution. This can allow remote attackers to bypass access control lists or log an incorrect client hostname. The available connected docum...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.12449
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2005/06/21 4:00 a.m., 18 views

CVE-2001-1500

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...

AI score: 6.9 | EPSS: 0.12449
Exploits: 0 | References: 5
Cvelist
added 2005/06/21 4:00 a.m., 22 views

CVE-2001-1501

The glob functionality in ProFTPD 1.2.1, and possibly other versions, allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "/..", (2) "/.", or (3)...

AI score: 7.1 | EPSS: 0.38414
Exploits: 1 | References: 3
CVE
added 2005/06/21 4:00 a.m., 62 views

CVE-2001-1501

The CVE-2001-1501 entry concerns ProFTPD 1.2.1 (and possibly other versions) where the globbing logic can be abused by commands containing many wildcard or special characters. Reported changes: remote attackers can trigger a denial of service through CPU and memory exhaustion by crafting commands...

CVSS: 5 | AI score: 7.2 | EPSS: 0.38414
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2005/02/20 5:00 a.m., 16 views

CVE-2004-1602

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...

AI score: 6.6 | EPSS: 0.30679
Exploits: 1 | References: 5
CVE
added 2005/02/20 5:00 a.m., 86 views

CVE-2004-1602

ProFTPD 1.2.x (including 1.2.8 and 1.2.10) is vulnerable to username enumeration via timing differences in responses, enabling remote attackers to identify valid usernames. Root cause: timing-based information disclosure in login handling. Affected products: ProFTPD before 1.2.11. Impact: partial...

CVSS: 5 | AI score: 6.7 | EPSS: 0.30679
Exploits: 1 | References: 5 | Affected Software: 1
securityvulns
added 2005/02/20 12:00 a.m., 30 views

gProFTPD ProFTPD FTP server monitoring tool format string bug

Format string bug during server log file parsing...

AI score: 2.3
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2005/02/19 5:00 a.m., 51 views

CVE-2005-0484

The CVE-2005-0484 issue is a format-string vulnerability in the gprostats component of GProFTPD, where a crafted filename during an FTP transfer can insert format specifiers into the ProFTPD transfer log and potentially allow remote code execution. Affected systems are GProFTPD with gprostats pri...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.1085
Exploits: 1 | References: 2 | Affected Software: 1
securityvulns
added 2004/12/12 12:00 a.m., 27 views

Privilege escalation and disclosure of sensitive information are possible when using ProFTPD.

ProFTPD 1.2.9 Server ProFTPD Default Installation Title: Privilege escalation and disclosure of sensitive information are possible when using ProFTPD. Description: Allows changing the current group on files and directories. When the command site chgrp users directory || file is used, there is no...

AI score: 1.2
Exploits: 0
securityvulns
added 2004/12/12 12:00 a.m., 33 views

ProFTPD privilege escalation

Access privileges are not checked for 'site chgrp' command...

AI score: 3.2
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2004/11/23 5:00 a.m., 14 views

CVE-2004-0346

Off-by-one buffer overflow in xlateasciiwrite in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.05736
Exploits: 1 | References: 3
Tenable Nessus
added 2004/11/06 12:00 a.m., 18 views

ProFTPD < 1.2.11 Remote User Enumeration

Binary data 2393.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.30679
Exploits: 1 | References: 1