Lucene search
K
Proftpd ProjectProftpd

19 matches found

CVE
CVE
added 1999/09/29 4:0 a.m.137 views

CVE-1999-0368

The CVE-1999-0368 issue involves buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD that can lead to remote root access (palmetto). Red Hat’s entry reiterates the same vulnerability. Nessus plugin 10318 (WU-FTPD Multiple Vulnerabilities) and 10318’s description cite the overflow as enabling...

10CVSS6.7AI score0.39233EPSS
CVE
CVE
added 2009/02/12 4:0 p.m.124 views

CVE-2009-0542

ProFTPD is affected by CVE-2009-0542 and related CVEs. Affects ProFTPD Server 1.3.1–1.3.2rc2 where a percent character in the username can introduce a single quote during mod_sql variable substitution, enabling remote SQL execution. Connected documents also indicate older

7.5CVSS8.1AI score0.7473EPSS
CVE
CVE
added 2006/11/08 11:0 p.m.100 views

CVE-2006-5815

ProFTPD 1.3.0 and earlier is affected by a stack-based buffer overflow in the sreplace function, enabling remote exploitation (likely by authenticated users) to cause denial of service and potentially execute arbitrary code. Public evidence includes exploit modules (Metasploit) for ProFTPD 1.2–1....

10CVSS7.2AI score0.74254EPSS
Web
CVE
CVE
added 2008/09/25 7:0 p.m.99 views

CVE-2008-4242

CVE-2008-4242 concerns ProFTPD 1.3.1, where the server interprets long commands from an FTP client as multiple commands. This enables remote attackers to perform CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI that reuses an existing browser/FTP client session. Connected rec...

6.8CVSS7.8AI score0.07066EPSS
CVE
CVE
added 2006/12/15 11:0 a.m.96 views

CVE-2006-6563

ProFTPD is affected by a local, stack-based buffer overflow in the mod_ctrls component. The vulnerability resides in the pr_ctrls_recv_request function (ctrls.c) of ProFTPD before 1.3.1rc1, where handling of a large reqarglen length value can allow a local attacker to execute arbitrary code. Affe...

6.6CVSS7.3AI score0.02298EPSS
CVE
CVE
added 2006/11/30 3:0 p.m.92 views

CVE-2006-6170

ProFTPD 1.3.0a and earlier are affected by buffer overflow vulnerabilities: CVE-2006-6170 (tls_x509_name_oneline in mod_tls) can allow remote code execution via a large data length; CVE-2006-5815 (sreplace) may also enable code execution via a crafted FTP sequence; CVE-2006-6171 relates to comman...

7.5CVSS7.5AI score0.17432EPSS
CVE
CVE
added 2007/04/22 7:0 p.m.80 views

CVE-2007-2165

CVE-2007-2165 affects ProFTPD prior to 20070417. When multiple authentication modules are configured, the authentication-check module need not be the same as the module that retrieves authentication data, potentially allowing remote attackers to bypass authentication (e.g., using SQLAuthTypes Pla...

5.1CVSS6.5AI score0.12516EPSS
CVE
CVE
added 2005/07/27 4:0 a.m.79 views

CVE-2005-2390

CVE-2005-2390 affects ProFTPD prior to 1.3.0rc2, where two format string vulnerabilities exist: one in the shutdown message generated by ftpshut and another in the mod_sql directive SQLShowInfo. The vulnerabilities can lead to information disclosure and a denial of service, with potential for arb...

6.4CVSS6.4AI score0.09198EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.69 views

CVE-2004-0432

ProFTPD 1.2.9 contains a logic issue where CIDR-based ACL directives in Allow and Deny are treated as if they were AllowAll, effectively bypassing access restrictions. This vulnerability allows FTP clients to bypass intended controls and potentially access or modify files that should be restricte...

7.5CVSS6.4AI score0.09197EPSS
CVE
CVE
added 2006/11/30 3:0 p.m.67 views

CVE-2006-6171

ProFTPD 1.3.0a and earlier are affected by three CVEs in the provided docs: CVE-2006-5815 (sreplace function buffer overflow) may cause memory corruption with potential code execution or DoS; CVE-2006-6170 (mod_tls tls_x509_name_oneline overflow) enables remote code execution via a large data len...

7.5CVSS6AI score0.0959EPSS
CVE
CVE
added 2003/09/25 4:0 a.m.64 views

CVE-2003-0831

Summary (supported by provided docs): ProFTPD versions 1.2.7 through 1.2.9rc2 contain a vulnerability in the ASCII translation during file transfers, where 1024-byte ASCII translation checks mishandle newline characters. This can enable a remote attacker to cause a buffer overflow and execute arb...

9CVSS7.8AI score0.55119EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.62 views

CVE-2001-1501

The CVE-2001-1501 entry concerns ProFTPD 1.2.1 (and possibly other versions) where the globbing logic can be abused by commands containing many wildcard or special characters. Reported changes: remote attackers can trigger a denial of service through CPU and memory exhaustion by crafting commands...

5CVSS7.2AI score0.38414EPSS
CVE
CVE
added 2003/07/04 4:0 a.m.57 views

CVE-2003-0500

Vulnerability: ProFTPD’s PostgreSQL authentication module (mod_sql_postgres) is affected in ProFTPD versions before 1.2.9rc1, due to a SQL injection via the USER name parameter. Impact: remote attackers could bypass authentication or steal passwords and gain privileges by executing arbitrary SQL....

10CVSS8.4AI score0.18266EPSS
CVE
CVE
added 2006/12/23 11:0 a.m.57 views

CVE-2005-4816

The CVE-2005-4816 issue affects ProFTPD: a buffer/ programming error in the Radius addon module (mod_radius) can be triggered by a long password, leading to remote denial of service and potential arbitrary code execution. Public sources enumerate affected behavior and versions: vulnerable before ...

7.5CVSS7.8AI score0.12583EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.53 views

CVE-2001-1500

ProFTPD 1.2.2rc2 (and possibly other versions) is affected by a DNS validation issue where reverse-resolved hostnames are not properly verified via forward resolution. This can allow remote attackers to bypass access control lists or log an incorrect client hostname. The available connected docum...

7.5CVSS6.9AI score0.12449EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.52 views

CVE-2001-0318

CVE-2001-0318 corresponds to a format-string vulnerability in ProFTPD 1.2.0rc2 that could allow an attacker to execute arbitrary commands by shutting down the FTP server while a malformed working directory (cwd) is in use. The vulnerability is remote and unauthenticated per the CVSS data, with At...

7.5CVSS7.3AI score0.11438EPSS
CVE
CVE
added 2001/02/02 5:0 a.m.48 views

CVE-2001-0027

The CVE-2001-0027 issue concerns the ProFTPD mod_sqlpw module where the cached password is not reset when a user issues the "user" command to switch accounts. This can allow an authenticated attacker to gain privileges of another user. The vulnerability affects the mod_sqlpw component within ProF...

7.5CVSS7.3AI score0.06492EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.46 views

CVE-1999-1475

CVE-1999-1475 covers ProFTPd 1.2 compiled with the mod_sqlpw module, where passwords are recorded in the wtmp log file. This allows a local user to read passwords (e.g., via the last command) and potentially obtain privileges. Root cause: unintended password exposure via wtmp logging. Exploitatio...

4.6CVSS6.8AI score0.04472EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.45 views

CVE-1999-0911

CVE-1999-0911 affects ProFTPD, wu-ftpd, and beroftpd. The vulnerability is a buffer overflow triggered by a sequence of MKD/CWD commands that create nested directories, allowing remote attackers to gain root privileges. Connected docs mention ProFTPD-related overflows (e.g., in 1.2.0pre4/pre6 var...

10CVSS7.3AI score0.38054EPSS