Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-0484
Format string vulnerability in gprostats for GProFTPD prior to 8.1.9 may allow remote malicious users to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
Gproftpd Gproftpd
668
VMScore
CVE-2004-0432
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
Proftpd Project Proftpd 1.2.9
Gentoo Linux 1.1a
Gentoo Linux 1.2
Gentoo Linux 1.4
Trustix Secure Linux 2.0
Gentoo Linux 0.5
Gentoo Linux 0.7
Trustix Secure Linux 2.1
668
VMScore
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote malicious users to bypass ACLs or cause an incorrect client hostname to be logged.
Proftpd Project Proftpd 1.2 Pre10
Proftpd Project Proftpd 1.2 Pre11
Proftpd Project Proftpd 1.2 Pre8
Proftpd Project Proftpd 1.2 Pre9
Proftpd Project Proftpd 1.2.2 Rc1
Proftpd Project Proftpd 1.2.2 Rc2
Proftpd Project Proftpd 1.2 Pre1
Proftpd Project Proftpd 1.2 Pre6
Proftpd Project Proftpd 1.2 Pre7
Proftpd Project Proftpd 1.2
Proftpd Project Proftpd 1.2.0 Rc3
Proftpd Project Proftpd 1.2 Pre2
Proftpd Project Proftpd 1.2 Pre3
Proftpd Project Proftpd 1.2.1
Proftpd Project Proftpd 1.2.2
Proftpd Project Proftpd 1.2 Pre4
Proftpd Project Proftpd 1.2 Pre5
668
VMScore
CVE-2001-0456
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
Debian Debian Linux 2.2
668
VMScore
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow malicious users to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
Proftpd Project Proftpd 1.2.0 Rc2
668
VMScore
CVE-2001-0027
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated malicious users to gain privileges of other users.
Proftpd Project Proftpd
641
VMScore
CVE-2004-0346
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 up to and including 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
Proftpd Proftpd 1.2.9
Proftpd Proftpd
633
VMScore
CVE-2010-3867
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD prior to 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) S...
Proftpd Proftpd 1.3.0
Proftpd Proftpd 1.3.1
Proftpd Proftpd 1.3.2
Proftpd Proftpd 1.3.3
Proftpd Proftpd 1.2.10
2 Github repositories
1 Article
605
VMScore
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions by sending ...
Postfix Postfix 2.4
Postfix Postfix 2.4.4
Postfix Postfix 2.4.0
Postfix Postfix 2.4.9
Postfix Postfix 2.4.8
Postfix Postfix 2.4.6
Postfix Postfix 2.4.5
Postfix Postfix 2.4.14
Postfix Postfix 2.4.15
Postfix Postfix 2.4.3
Postfix Postfix 2.4.2
Postfix Postfix 2.4.10
Postfix Postfix 2.4.11
Postfix Postfix 2.4.1
Postfix Postfix 2.4.7
Postfix Postfix 2.4.12
Postfix Postfix 2.4.13
Postfix Postfix 2.5.0
Postfix Postfix 2.5.8
Postfix Postfix 2.5.9
Postfix Postfix 2.5.6
Postfix Postfix 2.5.7
605
VMScore
CVE-2010-4652
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD prior to 1.3.3d, when mod_sql is enabled, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitut...
Proftpd Proftpd 1.3.1
Proftpd Proftpd 1.3.0
Proftpd Proftpd 1.2.10
Proftpd Proftpd 1.3.3
Proftpd Proftpd 1.2.4
Proftpd Proftpd 1.2.3
Proftpd Proftpd 1.2.0
Proftpd Proftpd 1.2.8
Proftpd Proftpd 1.2.6
Proftpd Proftpd 1.3.2
Proftpd Proftpd 1.2.2
Proftpd Proftpd 1.2.1
Proftpd Proftpd 1.2.9
Proftpd Proftpd 1.2.7
Proftpd Proftpd 1.2.5
Proftpd Proftpd
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »