1563 matches found
CVE-2026-44331
ProFTPD vulnerable: versions up to 1.3.9a before 7666224 are affected by a SQL injection in sqltab_fetch_clients_cb() (contrib/mod_wrap2_sql.c). An attacker can inject arbitrary SQL via a crafted domain name accessed during reverse DNS lookups when UseReverseDNS is enabled, because the attacker-s...
CVE-2026-44331
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...
CVE-2026-44331
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...
ProFTPD SQL注入漏洞
ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions prior to ProFTPD 1.3.9a contained a SQL injection vulnerability. This vulnerability stems from the sqltabFetchClientsCB function in contrib/modwrap2sql.c. When the option “UseReverseDNS on” is...
PT-2026-37238
Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.9a 7666224 Description A SQL injection issue exists in the sqltab fetch clients cb function within contrib/mod wrap2 sql.c. When the "UseReverseDNS on" setting is enabled, a remote attacker can inject arbitrary SQ...
Exploit for CVE-2026-42167
CVE-2026-42167: SQL Injection en ProFTPD modsql 📋 Resumen...
OESA-2026-2159 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
OESA-2026-2158 proftpd security update
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
Exploit for CVE-2026-42167
Description This repository contains a functional exploit for...
Exploit for CVE-2026-42167
CVE-2026-42167 Master Exploit Tool A professional security re...
Exploit for CVE-2026-42167
\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...
SUSE CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Exploit for CVE-2026-42167
CVE-2026-42167 — ProFTPD modsql SQL Injection / Auth Bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-42167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Exploit for CVE-2026-42167
ProFTPD Vulnerability POCs Proof-of-concept demonstrations fo...
[slackware-security] proftpd
New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9a-i586-1slack15.0.txz: Upgraded. Fix for an SQL injection that may lead to authentication bypass, privilege escalation,...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...
Slackware Linux 15.0 / current proftpd Vulnerability (SSA:2026-118-01)
The version of proftpd installed on the remote host is prior to 1.3.9a. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-118-01 advisory. New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
CVE-2026-42167
modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...