Lucene search

12 matches found

ATTACKERKB
added 2026/01/21 5:27 p.m. · 3 views

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

8.7 CVSS · 5.4 AI score · 0.00041 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2010-5301

Malware in sbrugna...

9.8 CVSS · 6.2 AI score · 0.85079 EPSS
Exploits: 1 · References: 10
OpenVAS
added 2025/09/23 12:0 a.m. · 3 views

ProFTPD < 1.3.8b OpenSSH Terrapin Attack

ProFTPD is prone to the SSH...

5.9 CVSS · 7 AI score · 0.54214 EPSS
Exploits: 3 · References: 3
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-51713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

7.5 CVSS · 7.2 AI score · 0.70298 EPSS
Exploits: 1 · References: 2
CVE
added 2025/08/20 3:38 p.m. · 88 views

CVE-2010-20103

The CVE-2010-20103 issue concerns ProFTPD 1.3.3c, where a backdoor was embedded in the official source tarball (distributed between 2010-11-28 and 2010-12-02). The backdoor provides a hidden FTP command trigger allowing remote, unauthenticated attackers to execute arbitrary shell commands with ro...

9.8 CVSS · 7.8 AI score · 0.85079 EPSS
In wild · Exploits: 1 · References: 8 · Affected Software: 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 5 views

PT-2025-34100 · Undefined · Undefined

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...

9.3 CVSS · 8.4 AI score · 0.85079 EPSS
Exploits: 1 · References: 9
OSV
added 2010/11/09 9:0 p.m. · 7 views

CVE-2008-7265

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer...

6.1 AI score
Exploits: 0 · References: 2
OSV
added 2008/09/25 7:25 p.m. · 0 views

DEBIAN-CVE-2008-4242

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...

6.8 CVSS · 7.6 AI score · 0.03385 EPSS
Exploits: 1 · References: 1
OSV
added 2006/11/30 3:28 p.m. · 1 views

DEBIAN-CVE-2006-6170

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...

7.5 CVSS · 8.4 AI score · 0.14379 EPSS
Exploits: 5 · References: 1
exploitpack
added 2004/10/17 12:0 a.m. · 20 views

ProFTPd 1.2.10 - Remote Users Enumeration

ProFTPd 1.2.10 - Remote Users Enumeration / Details. Vulnerable Systems: ProFTPD Version 1.2.10 and below. It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis...

7.5 AI score
Exploits: 0
Cvelist
added 2004/05/05 4:0 a.m. · 23 views

CVE-2004-0432

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions...

6.4 AI score · 0.01235 EPSS
Exploits: 0 · References: 7
Tenable Nessus
added 2003/03/17 12:0 a.m. · 26 views

ProFTPD 1.2.0rc2 Malformed cwd Command Format String

The remote ProFTPd server is as old or older than 1.2.0rc2. There is a very hard to exploit format string vulnerability in this version that could allow an attacker to execute arbitrary code on this host. The vulnerability is believed to be nearly impossible to exploit though. (C) Tenable Network...

7.5 CVSS · 5.8 AI score · 0.00862 EPSS
Exploits: 0 · References: 1