Lucene search

K

5 matches found

CVE
CVE
added 2006/11/08 11:7 p.m.68 views

CVE-2006-5815

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

10CVSS7.2AI score0.65643EPSS
CVE
CVE
added 2007/04/22 7:19 p.m.64 views

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demons...

5.1CVSS6.5AI score0.02146EPSS
CVE
CVE
added 2006/11/30 3:28 p.m.53 views

CVE-2006-6170

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.

7.5CVSS7.5AI score0.65643EPSS
CVE
CVE
added 2006/11/30 3:28 p.m.53 views

CVE-2006-6171

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an er...

7.5CVSS6AI score0.65643EPSS
CVE
CVE
added 2001/02/12 5:0 a.m.35 views

CVE-2001-0027

mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.

7.5CVSS7.3AI score0.0082EPSS