1565 matches found
EUVD-2024-53576
Malicious code in bioql PyPI...
ProFTPD < 1.3.8c Access Control Vulnerability
ProFTPD is prone to an access control vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd";...
ProFTPD <= 1.3.9 Buffer Overflow Vulnerability
ProFTPD is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd";...
ProFTPD < 1.3.8b OpenSSH Terrapin Attack
ProFTPD is prone to the SSH SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd"; ifdescription...
ProFTPD Detection Consolidation
Consolidation of ProFTPD detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.155379";...
GLSA-202509-06 : ProFTPd: SSH Terrapin vulnerability
The remote host is affected by the vulnerability described in GLSA-202509-06 ProFTPd: SSH Terrapin vulnerability A vulnerability has been discovered in ProFTPd. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the...
ProFTPd: SSH Terrapin vulnerability
Background ProFTPD is an advanced and very configurable FTP server. Description A vulnerability has been discovered in ProFTPd. Please review the CVE identifier referenced below for details. Impact The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Linux Distros Unpatched Vulnerability : CVE-2021-46854
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modradius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. CVE-2021-46854 Note that Nessus relies ...
OESA-2025-2083 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
Linux Distros Unpatched Vulnerability : CVE-2019-19271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries install...
Linux Distros Unpatched Vulnerability : CVE-2019-19269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL...
Linux Distros Unpatched Vulnerability : CVE-2020-9273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, an...
Linux Distros Unpatched Vulnerability : CVE-2023-51713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...
Linux Distros Unpatched Vulnerability : CVE-2019-19272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer a variable initialized to NULL leads to a crash when...
Linux Distros Unpatched Vulnerability : CVE-2019-19270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather...
Linux Distros Unpatched Vulnerability : CVE-2019-12815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a...
Linux Distros Unpatched Vulnerability : CVE-2016-3125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than...
Linux Distros Unpatched Vulnerability : CVE-2017-7418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks...
SUSE CVE-2010-20103
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...
Hidden Functionality
Overview Affected versions of this package are vulnerable to Hidden Functionality via a hidden FTP command trigger in the process. An attacker can execute arbitrary shell commands with root privileges by sending a specially crafted FTP command. Remediation Upgrade proftpd/proftpd to version 1.3.3...