Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-0027
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated malicious users to gain privileges of other users.
Proftpd Project Proftpd
NA
CVE-2006-5815
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and previous versions allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
Proftpd Project Proftpd
2 EDB exploits
NA
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow malicious users to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
Proftpd Project Proftpd 1.2.0 Rc2
NA
CVE-2001-1501
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple...
Proftpd Project Proftpd 1.2.1
1 EDB exploit
NA
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client...
Proftpd Project Proftpd 1.3.1
NA
CVE-1999-1475
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
Proftpd Project Proftpd 1.2
NA
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD prior to 1.2.9rc1 allows remote malicious users to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
Proftpd Project Proftpd 1.2.9 Rc1
1 EDB exploit
NA
CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote malicious users to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
Proftpd Proftpd 1.3.1
1 EDB exploit
1 Github repository
NA
CVE-2004-0432
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
Proftpd Project Proftpd 1.2.9
Gentoo Linux 1.1a
Gentoo Linux 1.2
Gentoo Linux 1.4
Trustix Secure Linux 2.0
Gentoo Linux 0.5
Gentoo Linux 0.7
Trustix Secure Linux 2.1
NA
CVE-1999-0368
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Washington University Wu-ftpd 2.4.2 Beta18 Vr9
Proftpd Project Proftpd 1.2 Pre1
Washington University Wu-ftpd 2.4.2 Beta18
Sco Openserver 5.0
Slackware Slackware Linux 3.5
Redhat Linux 5.1
Slackware Slackware Linux 3.4
Redhat Linux 5.0
Sco Openserver 5.0.2
Sco Openserver 5.0.5
Slackware Slackware Linux 3.6
Sco Unixware 7.0
Debian Debian Linux 2.0
Sco Openserver 5.0.3
Sco Unixware 7.0.1
Sco Openserver 5.0.4
Caldera Openlinux 1.3
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »