1565 matches found
CVE-2005-2390
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via 1 certain inputs to the shutdown message from ftpshut, or 2 the SQLShowInfo modsql directive...
CVE-2005-2390
CVE-2005-2390 affects ProFTPD prior to 1.3.0rc2, where two format string vulnerabilities exist: one in the shutdown message generated by ftpshut and another in the mod_sql directive SQLShowInfo. The vulnerabilities can lead to information disclosure and a denial of service, with potential for arb...
ProFTPD < 1.3.0rc2 Multiple Remote Format Strings
The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host suffers from multiple format string vulnerabilities, one involving the 'ftpshut' utility and the other in modsql's 'SQLShowInfo' directive...
ProFTPD < 1.3.0rc2 Multiple Format Strings
Binary data 3113.prm...
ProFTPD format string vulnerabilities
Format string in directory name on shutdown message...
[SA16181] ProFTPD Two Format String Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
proftpd -- format string vulnerabilities
The ProFTPD release notes states: sean found two format string vulnerabilities, one in modsql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited. These...
Slackware 8.1 / 9.0 / current : ProFTPD Security Advisory (SSA:2003-259-02)
Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and - -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2001-1500
ProFTPD 1.2.2rc2 (and possibly other versions) is affected by a DNS validation issue where reverse-resolved hostnames are not properly verified via forward resolution. This can allow remote attackers to bypass access control lists or log an incorrect client hostname. The available connected docum...
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...
CVE-2001-1501
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service CPU and memory consumption via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple 1 "/..", 2 "/.", or 3...
CVE-2001-1501
The CVE-2001-1501 entry concerns ProFTPD 1.2.1 (and possibly other versions) where the globbing logic can be abused by commands containing many wildcard or special characters. Reported changes: remote attackers can trigger a denial of service through CPU and memory exhaustion by crafting commands...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
CVE-2004-1602
ProFTPD 1.2.x (including 1.2.8 and 1.2.10) is vulnerable to username enumeration via timing differences in responses, enabling remote attackers to identify valid usernames. Root cause: timing-based information disclosure in login handling. Affected products: ProFTPD before 1.2.11. Impact: partial...
gProFTPD ProFTPD FTP server monitoring tool format tring bug
Format string bug during server log file parsing...
CVE-2005-0484
The CVE-2005-0484 issue is a format-string vulnerability in the gprostats component of GProFTPD, where a crafted filename during an FTP transfer can insert format specifiers into the ProFTPD transfer log and potentially allow remote code execution. Affected systems are GProFTPD with gprostats pri...
При использовании ProFTPD возможно повышение привелегий и раскрытие критичной информации.
ProFTPD 1.2.9 Server ProFTPD Default Installation Заголовок: При использовании ProFTPD возможно повышение привелегий и раскрытие критичной информации. Описание: Позволяет изменять текущую группу на файлах и директориях. При использовании команды: site chgrp users directory || file не происходит...
ProFTPD privilege escalation
Access privileges are not chacked for 'site chgrp' command...
CVE-2004-0346
Off-by-one buffer overflow in xlateasciiwrite in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command...
ProFTPD < 1.2.11 Remote User Enumeration
Binary data 2393.prm...