1555 matches found

Tenable Nessus
added 2023/05/02 12:0 a.m., 44 views

Siemens SIMATIC CP 1543-1 Embedded FTP server Improper Access Control (CVE-2019-12815)

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 10 | AI score 7.5 | EPSS 0.93835
Exploits 22 | References 12

Tenable Nessus
added 2023/05/02 12:0 a.m., 44 views

Siemens SIMATIC CP Out-of-Bounds Read (CVE-2020-9272)

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 7.5 | AI score 6.2 | EPSS 0.00433
Exploits 0 | References 9

OpenVAS
added 2023/04/26 12:0 a.m., 22 views

Debian: Security Advisory (DSA-2606)

The remote host is missing an update for the Debian...

CVSS 1.2 | AI score 6.7 | EPSS 0.00057
Exploits 0 | References 3

OpenVAS
added 2023/03/20 12:0 a.m., 14 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2023-1536)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.7 | EPSS 0.01803
Exploits 1 | References 2

OpenVAS
added 2023/03/20 12:0 a.m., 16 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2023-1561)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.7 | EPSS 0.01803
Exploits 1 | References 2

Tenable Nessus
added 2023/03/19 12:0 a.m., 15 views

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2023-1536)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. (CVE-2021-46854) Note tha...

CVSS 7.5 | AI score 6.1 | EPSS 0.01803
Exploits 1 | References 2

Tenable Nessus
added 2023/03/19 12:0 a.m., 26 views

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2023-1561)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. (CVE-2021-46854) Note tha...

CVSS 7.5 | AI score 6.1 | EPSS 0.01803
Exploits 1 | References 2

SUSE CVE
added 2023/02/15 6:13 a.m., 1 views

SUSE CVE-2006-5815

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."...

CVSS 10 | AI score 7.7 | EPSS 0.74734
Exploits 4 | References 2

SUSE CVE
added 2023/02/15 6:5 a.m., 3 views

SUSE CVE-2009-0543

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres...

CVSS 6.8 | AI score 8.1 | EPSS 0.00497
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 6:5 a.m., 2 views

SUSE CVE-2009-0542

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql...

CVSS 7.5 | AI score 8.7 | EPSS 0.58494
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 6:2 a.m., 1 views

SUSE CVE-2009-3639

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...

CVSS 5.8 | AI score 7.5 | EPSS 0.01436
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 5:56 a.m., 2 views

SUSE CVE-2010-3867

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK...

CVSS 7.1 | AI score 7 | EPSS 0.00588
Exploits 3 | References 3

SUSE CVE
added 2023/02/15 5:56 a.m., 3 views

SUSE CVE-2010-4051

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX...

CVSS 5 | AI score 6.2 | EPSS 0.04658
Exploits 12 | References 3

SUSE CVE
added 2023/02/15 5:54 a.m., 2 views

SUSE CVE-2011-1137

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message...

CVSS 5 | AI score 7 | EPSS 0.03451
Exploits 1 | References 2

SUSE CVE
added 2023/02/15 5:50 a.m., 1 views

SUSE CVE-2011-4130

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...

CVSS 9 | AI score 7.9 | EPSS 0.01286
Exploits 4 | References 3

SUSE CVE
added 2023/02/15 5:43 a.m., 2 views

SUSE CVE-2012-6095

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands...

CVSS 1.2 | AI score 6.7 | EPSS 0.00057
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:36 a.m., 2 views

SUSE CVE-2013-4359

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation...

CVSS 5 | AI score 7.3 | EPSS 0.01402
Exploits 2 | References 3

SUSE CVE
added 2023/02/15 5:19 a.m., 10 views

SUSE CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 7 | EPSS 0.93835
Exploits 21 | References 4

SUSE CVE
added 2023/02/15 5:4 a.m., 2 views

SUSE CVE-2016-3125

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.01371
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:47 a.m., 3 views

SUSE CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5 | AI score 6.2 | EPSS 0.00039
Exploits 0 | References 6