Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-19272
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Proftpd Proftpd
5
CVSSv2
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote malicious users to identify valid usernames by timing the server response.
Proftpd Proftpd
1 EDB exploit
5
CVSSv2
CVE-2019-19271
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been...
Proftpd Proftpd
NA
CVE-2021-46854
mod_radius in ProFTPD prior to 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
Proftpd Proftpd
NA
CVE-2023-51713
make_ftp_cmd in main.c in ProFTPD prior to 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
Proftpd Proftpd
5
CVSSv2
CVE-2016-3125
The mod_tls module in ProFTPD prior to 1.3.5b and 1.3.6 prior to 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow malicious users to have unspecified impact via unkno...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Opensuse Opensuse 13.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
4
CVSSv2
CVE-2019-19269
An issue exists in tls_verify_crl in ProFTPD up to and including 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs ...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
10
CVSSv2
CVE-2006-5815
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and previous versions allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
Proftpd Project Proftpd
2 EDB exploits
5.1
CVSSv2
CVE-2007-2165
The Auth API in ProFTPD prior to 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote malicious users to bypas...
Proftpd Project Proftpd
10
CVSSv2
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote malicious users to read and write to arbitrary files via the site cpfr and site cpto commands.
Proftpd Proftpd 1.3.5
3 EDB exploits
13 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »