Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-0432
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
Proftpd Project Proftpd 1.2.9
Gentoo Linux 1.1a
Gentoo Linux 1.2
Gentoo Linux 1.4
Trustix Secure Linux 2.0
Gentoo Linux 0.5
Gentoo Linux 0.7
Trustix Secure Linux 2.1
7.5
CVSSv2
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote malicious users to bypass ACLs or cause an incorrect client hostname to be logged.
Proftpd Project Proftpd 1.2 Pre10
Proftpd Project Proftpd 1.2 Pre11
Proftpd Project Proftpd 1.2 Pre8
Proftpd Project Proftpd 1.2 Pre9
Proftpd Project Proftpd 1.2.2 Rc1
Proftpd Project Proftpd 1.2.2 Rc2
Proftpd Project Proftpd 1.2 Pre1
Proftpd Project Proftpd 1.2 Pre6
Proftpd Project Proftpd 1.2 Pre7
Proftpd Project Proftpd 1.2
Proftpd Project Proftpd 1.2.0 Rc3
Proftpd Project Proftpd 1.2 Pre2
Proftpd Project Proftpd 1.2 Pre3
Proftpd Project Proftpd 1.2.1
Proftpd Project Proftpd 1.2.2
Proftpd Project Proftpd 1.2 Pre4
Proftpd Project Proftpd 1.2 Pre5
7.5
CVSSv2
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow malicious users to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
Proftpd Project Proftpd 1.2.0 Rc2
7.5
CVSSv2
CVE-2001-0027
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated malicious users to gain privileges of other users.
Proftpd Project Proftpd
6.8
CVSSv2
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions by sending ...
Postfix Postfix 2.4
Postfix Postfix 2.4.4
Postfix Postfix 2.4.0
Postfix Postfix 2.4.9
Postfix Postfix 2.4.8
Postfix Postfix 2.4.6
Postfix Postfix 2.4.5
Postfix Postfix 2.4.14
Postfix Postfix 2.4.15
Postfix Postfix 2.4.3
Postfix Postfix 2.4.2
Postfix Postfix 2.4.10
Postfix Postfix 2.4.11
Postfix Postfix 2.4.1
Postfix Postfix 2.4.7
Postfix Postfix 2.4.12
Postfix Postfix 2.4.13
Postfix Postfix 2.5.0
Postfix Postfix 2.5.8
Postfix Postfix 2.5.9
Postfix Postfix 2.5.6
Postfix Postfix 2.5.7
6.8
CVSSv2
CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote malicious users to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
Proftpd Proftpd 1.3.1
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client...
Proftpd Project Proftpd 1.3.1
6.6
CVSSv2
CVE-2006-6563
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD prior to 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
Proftpd Project Proftpd 1.3.0
Proftpd Project Proftpd 1.3.0a
4 EDB exploits
6.4
CVSSv2
CVE-2005-2390
Multiple format string vulnerabilities in ProFTPD prior to 1.3.0rc2 allow malicious users to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
Proftpd Project Proftpd 1.2.0 Rc1
Proftpd Project Proftpd 1.2.0 Rc2
Proftpd Project Proftpd 1.2.10 Rc3
Proftpd Project Proftpd 1.2.2
Proftpd Project Proftpd 1.2.0 Rc3
Proftpd Project Proftpd 1.2.1
Proftpd Project Proftpd 1.2.2 Rc2
Proftpd Project Proftpd 1.2.2 Rc3
Proftpd Project Proftpd 1.2.6
Proftpd Project Proftpd 1.2.6 Rc1
Proftpd Project Proftpd 1.2.8
Proftpd Project Proftpd 1.2.8 Rc1
Proftpd Project Proftpd 1.2.0 Pre10
Proftpd Project Proftpd 1.2.0 Pre9
Proftpd Project Proftpd 1.2.10 Rc1
Proftpd Project Proftpd 1.2.10 Rc2
Proftpd Project Proftpd 1.2.5
Proftpd Project Proftpd 1.2.5 Rc1
Proftpd Project Proftpd 1.2.7
Proftpd Project Proftpd 1.2.7 Rc1
Proftpd Project Proftpd 1.2.9 Rc1
Proftpd Project Proftpd 1.2.9 Rc2
5.1
CVSSv2
CVE-2007-2165
The Auth API in ProFTPD prior to 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote malicious users to bypas...
Proftpd Project Proftpd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »