Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51713
make_ftp_cmd in main.c in ProFTPD prior to 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
Proftpd Proftpd
NA
CVE-2021-46854
mod_radius in ProFTPD prior to 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
Proftpd Proftpd
505
VMScore
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote malicious users to identify valid usernames by timing the server response.
Proftpd Proftpd
1 EDB exploit
447
VMScore
CVE-2019-19271
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been...
Proftpd Proftpd
447
VMScore
CVE-2019-19272
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Proftpd Proftpd
447
VMScore
CVE-2016-3125
The mod_tls module in ProFTPD prior to 1.3.5b and 1.3.6 prior to 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow malicious users to have unspecified impact via unkno...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Opensuse Opensuse 13.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
357
VMScore
CVE-2019-19269
An issue exists in tls_verify_crl in ProFTPD up to and including 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs ...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1000
VMScore
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote malicious users to read and write to arbitrary files via the site cpfr and site cpto commands.
Proftpd Proftpd 1.3.5
3 EDB exploits
13 Github repositories
668
VMScore
CVE-2001-0027
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated malicious users to gain privileges of other users.
Proftpd Project Proftpd
668
VMScore
CVE-2006-6170
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and previous versions, and possibly other products, allows remote malicious users to execute arbitrary code via a large data length argument, a different vulnerability than CVE-...
Proftpd Project Proftpd
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »