67 matches found

Redos
added 2025/01/21 12:0 a.m. | 11 views

ROS-20250121-05

A vulnerability in the mod_sql component of the ProFTPD FTP server is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his privileges to the root user...

CVSS 7.5 | AI score 6.8 | EPSS 0.36587
Exploits: 0

SUSE CVE
added 2024/11/30 3:50 a.m. | 1 views

SUSE CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 9.2 | EPSS 0.36587
Exploits: 0 | References: 5

OSV
added 2024/11/29 5:15 a.m. | 8 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 3

NVD
added 2024/11/29 5:15 a.m. | 15 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | EPSS 0.36587
Exploits: 0 | References: 3

OSV
added 2024/11/29 5:15 a.m. | 2 views

UBUNTU-CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 5.8 | EPSS 0.36587
Exploits: 0 | References: 5

Cvelist
added 2024/11/29 12:0 a.m. | 216 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

EPSS 0.36587
Exploits: 0 | References: 2

CVE
added 2024/11/29 12:0 a.m. | 273 views

CVE-2024-48651

CVE-2024-48651 affects ProFTPD up to 1.3.8b prior to the commit cec01cc, where supplemental group inheritance can grant unintended access to GID 0 due to the absence of supplemental groups from mod_sql. Nessus advisories and public references describe the issue in ProFTPD across multiple vendor a...

CVSS 7.5 | AI score 7 | EPSS 0.36587
Exploits: 0 | References: 3

AlpineLinux
added 2024/11/29 12:0 a.m. | 18 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS 7.5 | AI score 7.3 | EPSS 0.36587
Exploits: 0

Vulnrichment
added 2024/11/29 12:0 a.m. | 11 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

AI score 6.9 | EPSS 0.36587
Exploits: 0 | References: 2

Prion
added 2011/02/02 1:0 a.m. | 37 views

Heap overflow

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...

CVSS 6.8 | AI score 8.6 | EPSS 0.05491
Exploits: 1 | References: 11 | Affected Software: 1

UbuntuCve
added 2011/02/02 1:0 a.m. | 31 views

CVE-2010-4652

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...

CVSS 6.8 | AI score 6.3 | EPSS 0.05491
Exploits: 1 | References: 1

Debian CVE
added 2011/02/02 12:0 a.m. | 39 views

CVE-2010-4652

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...

CVSS 6.8 | AI score 7.9 | EPSS 0.05491
Exploits: 1

Cvelist
added 2011/02/02 12:0 a.m. | 23 views

CVE-2010-4652

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...

AI score 8 | EPSS 0.05491
Exploits: 1 | References: 11

CVE
added 2011/02/02 12:0 a.m. | 522 views

CVE-2010-4652

ProFTPD (with mod_sql) is affected by CVE-2010-4652: a heap-based buffer overflow in sql_prepare_where in contrib/mod_sql.c can be triggered by a crafted username containing substitution tags, leading to a crash or potential arbitrary code execution. The issue is in ProFTPD versions prior to 1.3....

CVSS 6.8 | AI score 8.2 | EPSS 0.05491
Exploits: 1 | References: 11 | Affected Software: 1

Tenable Nessus
added 2011/01/31 12:0 a.m. | 32 views

Fedora 14 : proftpd-1.3.3d-1.fc14 (2011-0610)

This is an update to the current upstream maintenance release, which addresses a security issue that could affect users of the mod_sql module (not enabled by default). - A heap-based buffer overflow flaw was found in the way ProFTPD FTP server prepared SQL queries for certain usernames, when the...

CVSS 6.8 | AI score 6.5 | EPSS 0.05491
Exploits: 1 | References: 3

Tenable Nessus
added 2010/12/23 12:0 a.m. | 173 views

ProFTPD < 1.3.3d 'mod_sql' Buffer Overflow

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.3d. Such versions are reportedly affected by a heap-based buffer overflow vulnerability in the function 'sql_prepare_where' in the...

CVSS 7.5 | AI score 8.2 | EPSS 0.58494
Exploits: 2 | References: 4

Check Point Advisories
added 2010/12/06 12:0 a.m. | 1 views

Preemptive Protection against ProFTPD with mod_sql pre-authentication Vulnerability

A pre-authentication remote root heap overflow vulnerability was reported in the ProFTPD FTP Server. ProFTPD is a configurable GPL-licensed FTP server software...

AI score 7.2
Exploits: 0

OpenVAS
added 2009/04/09 12:0 a.m. | 12 views

Mandriva Update for proftpd MDKA-2007:089 (proftpd)

Check for the Version of proftpd. OpenVAS Vulnerability Test: Mandriva Update for proftpd MDKA-2007:089 (proftpd). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Exploits: 0 | References: 2

Tenable Nessus
added 2009/03/17 12:0 a.m. | 24 views

FreeBSD : proftpd -- multiple sql injection vulnerabilities (ca0841ff-1254-11de-a964-0030843d3802)

Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...

CVSS 7.5 | AI score 7.8 | EPSS 0.58494
Exploits: 1 | References: 5

seebug.org
added 2009/02/13 12:0 a.m. | 33 views

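ProFTPD mod_sql Username SQL Injection Vulnerability

BUGTRAQ ID: 33722 ProFTPD is an open-source FTP server program. ProFTPD's SQL authentication module does not correctly handle the percent character (%). In mod_sql queries, a percent sign can be used to denote a variable. When the mod_sql module finds a percent sign, it attempts a variable substitution, which changes the username in the underlying query. For example, for the username tj%string.com, the percent sign would be replaced with the FTP response status, but because no status value exists, the default "-" string is used, and the username ends up as tj-tring.com. ProFTPD Project ProFTPD 1.3.2 ProFTPD Project ProFTPD 1.3.1 Vendor patch: ProFTPD...

AI score 6.9
Exploits: 0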