Debian DSA-1689-1 : proftpd-dfsg - missing input validation
Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery CSRF attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. %NASLMINLEVEL 70300 C...