Lucene search
K

8 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS0.00331EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 1:21 p.m.41 views

CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS0.00331EPSS
Exploits0References3
seebug.org
seebug.org
added 2016/07/27 12:0 a.m.22 views

Thousand OA /defaultroot/public/editor/tpsc. jsp file upload vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.19 views

万户OA /defaultroot/work_flow/formOptJSPUpload.jsp 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/28 12:0 a.m.336 views

万户OA defaultroot/download_ftp.jsp 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/01/31 12:0 a.m.33 views

Fedora 18 : proftpd-1.3.4b-5.fc18 (2013-0437)

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...

1.2CVSS5.3AI score0.00693EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/01/31 12:0 a.m.41 views

Fedora 16 : proftpd-1.3.4b-5.fc16 (2013-0468)

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...

1.2CVSS5.3AI score0.00693EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/01/31 12:0 a.m.27 views

Fedora 17 : proftpd-1.3.4b-5.fc17 (2013-0483)

Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...

1.2CVSS5.3AI score0.00693EPSS
Exploits0References4
Rows per page
Query Builder