CVE-2011-4130

Published: 06/12/2011 Updated: 08/12/2011
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in the Response API in ProFTPD prior to 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

Vulnerable Product

proftpd proftpd 1.3.3

proftpd proftpd 1.3.2

proftpd proftpd 1.3.1

proftpd proftpd 1.3.0

proftpd proftpd 1.2.10

proftpd proftpd 1.2.9

proftpd proftpd 1.2.7

proftpd proftpd 1.2.5

proftpd proftpd 1.2.3

proftpd proftpd 1.2.1

proftpd proftpd 1.2.0

proftpd proftpd 1.2.8

proftpd proftpd 1.2.2

proftpd proftpd 1.2.6

proftpd proftpd

proftpd proftpd 1.2.4

Vendor Advisories

Debian Bug report logs - #648373 [CVE-2011-4130] Use-after-free issue Package: proftpd-dfsg; Maintainer for proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Reported by: Florian Weimer <fw@denebenyode> Date: Thu, 10 Nov 2011 20:33:02 UTC Severity: grave Tags: patch, secur ...

Several vulnerabilities were discovered in ProFTPD, an FTP server:

(No CVE id) ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411.

CVE-2011-4130 ProFTPD uses a response pool after freeing it under exception ...

Github Repositories

This repo walks through the metasploitable1 machine and tries to get root access by various methods through various vulnerable services

Download the machine from www.vulnhub.com/entry/metasploitable-1,28/, then launch using VMware. Credentials are msfadmin:msfadmin. ip a to get machine. Notes: make sure your system is upgraded: sudo apt update && sudo apt upgrade, sudo apt install exploitdb. Scan the target using nmap: nmap -sV -sC 19216819. Get 12 open ports (21 -22-23-25-53-80-139-445-3306-

Node-NMAP-Vulners: NPM package enabling your [NodeJs] application to interface with the features of [NMAP]. This package requires that [NMAP] is installed and available to the running node application. If [VULNERS] script is installed, this package is able to parse the output to [NodeJs]. UPDATE 102: Edited README.md. UPDATE 101: Improved Service and Vulnerabilities integrat

Recent Articles

Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server
The Register • Chris Williams, Editor in Chief • 30 Dec 2013

Convenient file-store a convenient target for crook touting access

A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers. The miscreant behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other crims on Christmas Day, we're told. Hold Security – which this year has helped break news of data heists at Adobe and a top-flight limo company – spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters. FTP is a 1970s v...