Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2165
The Auth API in ProFTPD prior to 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote malicious users to bypas...
Proftpd Project Proftpd
NA
CVE-2006-5815
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and previous versions allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
Proftpd Project Proftpd
2 EDB exploits
NA
CVE-2006-6171
ProFTPD 1.3.0a and previous versions does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-...
Proftpd Project Proftpd
NA
CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote malicious users to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
Proftpd Proftpd 1.3.1
1 EDB exploit
1 Github repository
NA
CVE-2001-1501
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple...
Proftpd Project Proftpd 1.2.1
1 EDB exploit
NA
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow malicious users to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
Proftpd Project Proftpd 1.2.0 Rc2
NA
CVE-1999-1475
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
Proftpd Project Proftpd 1.2
NA
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD prior to 1.2.9rc1 allows remote malicious users to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
Proftpd Project Proftpd 1.2.9 Rc1
1 EDB exploit
NA
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client...
Proftpd Project Proftpd 1.3.1
NA
CVE-2001-0136
Memory leak in ProFTPd 1.2.0rc2 allows remote malicious users to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
Proftpd Proftpd 1.2.0
Mandrakesoft Mandrake Linux 7.2
Debian Debian Linux 2.2
Conectiva Linux
3 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »