8 matches found
CVE-2026-35025
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...
CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...
Thousand OA /defaultroot/public/editor/tpsc. jsp file upload vulnerability
No description provided by source...
万户OA /defaultroot/work_flow/formOptJSPUpload.jsp 文件上传漏洞
No description provided by source...
万户OA defaultroot/download_ftp.jsp 任意文件下载漏洞
No description provided by source...
Fedora 18 : proftpd-1.3.4b-5.fc18 (2013-0437)
Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...
Fedora 16 : proftpd-1.3.4b-5.fc16 (2013-0468)
Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...
Fedora 17 : proftpd-1.3.4b-5.fc17 (2013-0483)
Jann Horn reported that there is a possible race condition in the handling of the MKD/XMKD FTP commands, when the UserOwner directive is involved, and the attacker is on the same physical machine as a running proftpd. This race applies to modsftp and the handling of the MKDIR SFTP request as well...