67 matches found
CVE-2009-0542
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql...
CVE-2009-0542
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql...
CVE-2009-0542
ProFTPD is affected by CVE-2009-0542 and related CVEs. Affects ProFTPD Server 1.3.1–1.3.2rc2 where a percent character in the username can introduce a single quote during mod_sql variable substitution, enabling remote SQL execution. Connected documents also indicate older
ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
source: https://www.securityfocus.com/bid/33722/info ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit...
proftpd -- multiple sql injection vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...
Debian Security Advisory DSA 795-2 (proftpd)
The remote host is missing an update to proftpd announced via advisory DSA 795-2. OpenVAS Vulnerability Test $Id: deb7952.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 795-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
Authentication flaw
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
CVE-2007-2165 affects ProFTPD prior to 20070417. When multiple authentication modules are configured, the authentication-check module need not be the same as the module that retrieves authentication data, potentially allowing remote attackers to bypass authentication (e.g., using SQLAuthTypes Pla...
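ProFTPD AUTH Multiple Authentication Modules Security Bypass Vulnerability
ProFTPD is a popular open-source FTP server. An error exists in ProFTPD's Auth API that remote attackers can exploit to bypass security restrictions and gain unauthorized access. Because the FTP protocol requires separate USER and PASS commands, ProFTPD looks up the user's data independently on USER and verifies the user's authentication when PASS is received. Combined with ProFTPD allowing multiple simultaneous Auth modules (such as mod_auth_unix, mod_sql, mod_ldap), this can result in one authentication module (e.g. mod_auth_unix) supplying the user data while another module (e.g. mod_sql) verifies it. When the mod_sql authentication module is configured to use a weakly restrictive authentication policy, such as: SQLAuthTypes...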
ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC2 print "\nProof Of Concept Sql Inject on ProFTPD\n"; print "Usage: perl poc-sqlftp target 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV...
FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
The ProFTPD release notes state: sean found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited. Thes...
Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)
Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory whe...
Debian DSA-795-2 : proftpd - potential code execution
infamous42md reported that proftpd suffers from two format string vulnerabilities. In the first, a user with the ability to create a directory could trigger the format string error if there is a proftpd shutdown message configured to use the '%C', '%R', or '%U' variables. In the second, the error...
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
Debian Security Advisory DSA 795-2, http://www.debian.org/security/, Michael Stone, September 2, 2005, http://www.debian.org/security/faq ...
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
Debian Security Advisory DSA 795-2, http://www.debian.org/security/, Michael Stone, September 2, 2005, http://www.debian.org/security/faq ...
[SECURITY] [DSA 795-1] New proftpd packages fix format string vulnerability
Debian Security Advisory DSA 795-1, http://www.debian.org/security/, Michael Stone, September 1st, 2005, http://www.debian.org/security/faq ...
DSA-795-2 proftpd - format string error
Bulletin has no description...