
1564 matches found

0day.today
added 2003/06/19 12:0 a.m. | 18 views

ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit

Exploit for linux platform in category remote exploits ======================================================= ProFTPD 1.2.9RC1 modsql Remote SQL Injection Exploit ======================================================= !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine -...

AI score: 7.1
Exploits: 0

exploitpack
added 2003/06/19 12:0 a.m. | 11 views

ProFTPd 1.2.9 RC1 - mod_sql SQL Injection

ProFTPd 1.2.9 RC1 - modsql SQL Injection !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 ...

AI score: 0.4
Exploits: 0

Exploit DB
added 2003/06/19 12:0 a.m. | 66 views

ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection

!/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 or die "Can't connect. \n"; ifdefined$lin...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2003/06/19 12:0 a.m. | 99 views

PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection

The remote FTP server is vulnerable to a SQL injection when it processes the USER command. An attacker may exploit this flaw to log into the remote host as any user. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11768; scriptversion"1.21"; scriptcvsdate"Date:...

CVSS: 10 | AI score: 5.8 | EPSS: 0.18266
Exploits: 0 | References: 1

Tenable Nessus
added 2003/03/23 12:0 a.m. | 32 views

ProFTPD on Debian Linux postinst Installation Privilege Escalation

The following problems have been reported for the version of proftpd in Debian 2.2 potato: 1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root'...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.05882
Exploits: 0 | References: 1

Tenable Nessus
added 2003/03/17 12:0 a.m. | 26 views

ProFTPD 1.2.0rc2 Malformed cwd Command Format String

The remote ProFTPd server is as old or older than 1.2.0rc2. There is a very hard to exploit format string vulnerability in this version that could allow an attacker to execute arbitrary code on this host. The vulnerability is believed to be nearly impossible to exploit though. (C) Tenable Network...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.11438
Exploits: 0 | References: 1

securityvulns
added 2002/12/12 12:0 a.m. | 28 views

proftpd <=1.2.7rc3 DoS

Hello, proftpd is vulnerable to denial of service similar to the list /..//..//../. !/bin/sh proftpd =1.2.7rc3 DoS - Requires anonymous/ftp login at least might work against many other FTP daemons consumes nearly all memory and alot of CPU tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3...

AI score: 0.3
Exploits: 0

Packet Storm
added 2002/12/11 12:0 a.m. | 18 views

prodos.sh

Hello, proftpd is vulnerable to denial of service similar to the list /..//..//../. !/bin/sh proftpd do this some more to make sure the system eventually dies cnt=25 while $cnt -gt 0 ; do ftp -n EOF& o $1 quote user $2 quote pass $3 quote stat /////// quit EOF let cnt=cnt-1 done sleep 2 killall -...

AI score: 7.4
Exploits: 0

Exploit DB
added 2002/12/09 12:0 a.m. | 16 views

ProFTPd 1.2.x - 'STAT' Denial of Service

source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition...

AI score: 7
Exploits: 0

exploitpack
added 2002/12/09 12:0 a.m. | 9 views

ProFTPd 1.2.x - STAT Denial of Service

ProFTPd 1.2.x - STAT Denial of Service source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will resu...

AI score: 7.3
Exploits: 0

NVD
added 2001/12/31 5:0 a.m. | 15 views

CVE-2001-1500

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.12449
Exploits: 0 | References: 5

NVD
added 2001/12/31 5:0 a.m. | 20 views

CVE-2001-1501

The glob functionality in ProFTPD 1.2.1, and possibly other versions, allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "/..", (2) "/.", or (3)...

CVSS: 5 | AI score: 7.1 | EPSS: 0.38414
Exploits: 1 | References: 3

Cvelist
added 2001/09/18 4:0 a.m. | 23 views

CVE-2001-0136

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed...

AI score: 6.7 | EPSS: 0.44936
Exploits: 1 | References: 8

Cvelist
added 2001/09/18 4:0 a.m. | 31 views

CVE-2001-0456

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended...

AI score: 6.4 | EPSS: 0.05882
Exploits: 0 | References: 2

CVE
added 2001/09/18 4:0 a.m. | 66 views

CVE-2001-0456

Summary: CVE-2001-0456 affects ProFTPD in Debian 2.2 where the postinst script fails to properly adjust the “run as uid/gid root” setting when anonymous access is enabled, causing the server to run with elevated privileges. What’s affected: proftpd on Debian 2.2 (potato); issue in post-install co...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.05882
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2001/09/18 4:0 a.m. | 73 views

CVE-2001-0136

ProFTPD 1.2.0rc2 is affected by a memory leak that can be exploited to cause DoS via a sequence of USER commands and, if the server is installed with a writable scoreboard, possibly SIZE commands. Mandrake advisory notes the USER and SIZE leaks (SIZE only when scoreboard is writable) and mentions...

CVSS: 5 | AI score: 6.8 | EPSS: 0.44936
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2001/09/12 4:0 a.m. | 20 views

CVE-1999-1475

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command...

AI score: 6.4 | EPSS: 0.04472
Exploits: 0 | References: 2

CVE
added 2001/09/12 4:0 a.m. | 45 views

CVE-1999-1475

CVE-1999-1475 covers ProFTPd 1.2 compiled with the mod_sqlpw module, where passwords are recorded in the wtmp log file. This allows a local user to read passwords (e.g., via the last command) and potentially obtain privileges. Root cause: unintended password exposure via wtmp logging. Exploitatio...

CVSS: 4.6 | AI score: 6.8 | EPSS: 0.04472
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2001/06/27 4:0 a.m. | 29 views

CVE-2001-0456

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.05882
Exploits: 0 | References: 2

NVD
added 2001/06/02 4:0 a.m. | 21 views

CVE-2001-0318

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.11438
Exploits: 0 | References: 6