4 matches found
[SECURITY] [DSA 1689-1] New proftpd-dfsg packages fix Cross-Site Request Forgery
-------------------------------------------------------------------------- Debian Security Advisory DSA 1689-1 [email protected] http://www.debian.org/security/ Martin Schulze December 21st, 2008 http://www.debian.org/security/faq -...
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...
CVE-2008-4242
CVE-2008-4242 concerns ProFTPD 1.3.1, where the server interprets long commands from an FTP client as multiple commands. This enables remote attackers to perform CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI that reuses an existing browser/FTP client session. Connected rec...