1564 matches found
Mandrake Linux Security Advisory : proftpd (MDKSA-2002:005)
Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD serv...
Mandrake Linux Security Advisory : proftpd (MDKSA-2003:095-1)
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The...
FreeBSD : proftpd IP address access control list breakage (155)
The following package needs to be updated: proftpd. This script has been deprecated by freebsdpkgcb6c6c299c4f11d893660020ed76ef5a.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
FreeBSD : ProFTPD ASCII translation bug resulting in remote root compromise (156)
The following package needs to be updated: proftpd. This script has been deprecated by freebsdpkgcf0fb4263f9611d8b0960020ed76ef5a.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
ProFTPD Access Control List bypass vulnerability
Background: ProFTPD is an FTP daemon. Description: ProFTPD 1.2.9 introduced a vulnerability that allows CIDR-based ACLs such as 10.0.0.1/24 to be bypassed. The CIDR ACLs are disregarded, with the net effect being similar to an "AllowAll" directive. Impact: This vulnerability may allow unauthorized...
CVE-2004-0432
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions...
CVE-2004-0432
ProFTPD 1.2.9 contains a logic issue where CIDR-based ACL directives in Allow and Deny are treated as if they were AllowAll, effectively bypassing access restrictions. This vulnerability allows FTP clients to bypass intended controls and potentially access or modify files that should be restricte...
CVE-2004-0346
Off-by-one buffer overflow in _xlate_ascii_write in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command...
CVE-2004-0346
CVE-2004-0346 affects ProFTPD 1.2.7–1.2.9rc2, caused by an off-by-one buffer overflow in _xlate_ascii_write() triggered by a crafted RETR command (1023+ bytes). According to the CVE record, this enables local users to gain privileges; PT-2004-1500 also documents a remote-triggered scenario via RE...
PT-2004-1500 · Proftpd · Proftpd
Name of the Vulnerable Software and Affected Versions: ProFTPD versions 1.2.7 through 1.2.9rc2. Description: The issue is caused by an off-by-one buffer overflow in the _xlate_ascii_write function. This can be exploited by a remote attacker who issues a specially crafted RETR command containing 102...
ProFTPD buffer overflow
Buffer overflow on ASCII-files uploading...
The Cult of a Cardinal Number
The Cult of a Cardinal Number Equal to the Sum of 1+1, by Phantasmal Phantasmagoria. Table of Contents: 1 - Introduction 2 - Technical Details 3 - Final Thoughts ...
CVE-2003-0831
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files...
proftpd IP address access control list breakage
Jindrich Makovicka reports a regression in proftpd's handling of IP address access control lists (IP ACLs). Due to this regression, some IP ACLs are treated as "allow all"...
ProFTPD fails to properly handle newline characters when transferring files in ASCII mode
Overview: ProFTPD is a popular free File Transfer Protocol (FTP) server package. A vulnerability in its handling of files transferred in ASCII mode can allow an attacker to compromise the system running the server. Description: The File Transfer Protocol (FTP) described in RFC 959 defines operations for...
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution (2)
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution 2 ProFTPd remote root exploit solareclipse at phreedom dot org GPG key ID: E36B11B7 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/3021.tar.gz 12262006-proftpd-not-pro-enough.tar.gz milw0rm.com 2003-10-15...
ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
No description provided by source. ProFTPd remote root exploit solareclipse at phreedom dot org GPG key ID: E36B11B7 http://www.milw0rm.com/sploits/12262006-proftpd-not-pro-enough.tar.gz milw0rm.com 2003-10-15...
ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
Exploit for linux platform in category remote exploits. ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit. ProFTPd remote root exploit solareclipse at phreedom dot org GPG key ID: E36B11B7...
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (2)
ProFTPd remote root exploit solareclipse at phreedom dot org GPG key ID: E36B11B7 https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3021.tar.gz 12262006-proftpd-not-pro-enough.tar.gz milw0rm.com 2003-10-15...
ProFTPd 1.2.7 1.2.9rc2 - Remote Code Execution Brute Force
ProFTPd 1.2.7 1.2.9rc2 - Remote Code Execution Brute Force / ProFTPd 1.2.7 - 1.2.9rc2 remote r00t exploit. By Haggis. This exploit builds on the work of bkbll to create a working, brute-force remote exploit for the \n processing bug in ProFTPd. Tested on...