5 matches found
CVE-2021-3618
ALPACA (CVE-2021-3618) is an application-layer protocol content confusion attack affecting multiple assets (e.g., nginx, vsftpd, sendmail) where TLS servers configured for different protocols with compatible certificates can allow a MITM attacker to redirect subdomain traffic to another, potentia...
CVE-2011-2523
CVE-2011-2523 affects vsftpd 2.3.4, where a compromised distribution contained a backdoor that, when a login uses a username including :), opens a root shell on TCP port 6200. Public PoCs and exploits (e.g., OS command injection/backdoor modules) demonstrate remote command execution via the backd...
CVE-2021-30047
CVE-2021-30047 affects vsftpd 3.0.3, where a denial-of-service condition can be triggered by a limited number of concurrent connections. The vulnerability arises in VSFTPD and is confirmed across multiple sources; Red Hat advisories indicate unpatched status for various RHEL versions, and Nessus ...
CVE-2015-1419
The CVE-2015-1419 vulnerability affects vsftpd 3.0.2 and earlier, enabling remote bypass of access restrictions via the deny_file parsing logic. The root cause is improper handling of the deny_file option, which could allow unauthorized access under certain conditions. Public references in the co...
CVE-2011-0762
The CVE-2011-0762 issue affects vsftpd prior to a patched release, where the vsftpd GET path handling of glob patterns in STAT commands is flawed. The function vsf_filename_passes_filter in ls.c can be triggered by crafted glob expressions in STAT commands across multiple FTP sessions, enabling r...