Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3306 | 1 Proftpd | 1 Proftpd | 2021-05-26 | 10.0 HIGH | N/A |
| The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | |||||
| CVE-2001-0136 | 4 Conectiva, Debian, Mandrakesoft and 1 more | 4 Linux, Debian Linux, Mandrake Linux and 1 more | 2018-02-07 | 5.0 MEDIUM | N/A |
| Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. | |||||
| CVE-2009-3639 | 1 Proftpd | 1 Proftpd | 2017-08-17 | 5.8 MEDIUM | N/A |
| The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-4359 | 1 Proftpd | 1 Proftpd | 2016-12-31 | 5.0 MEDIUM | N/A |
| Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. | |||||
| CVE-2012-6095 | 1 Proftpd | 1 Proftpd | 2013-01-25 | 1.2 LOW | N/A |
| ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | |||||
| CVE-2011-4130 | 1 Proftpd | 1 Proftpd | 2011-12-08 | 9.0 HIGH | N/A |
| Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. | |||||
| CVE-2010-4221 | 1 Proftpd | 1 Proftpd | 2011-09-15 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. | |||||
| CVE-2010-3867 | 1 Proftpd | 1 Proftpd | 2011-09-15 | 7.1 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | |||||
| CVE-2011-1137 | 1 Proftpd | 1 Proftpd | 2011-09-07 | 5.0 MEDIUM | N/A |
| Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. | |||||
| CVE-2010-4652 | 1 Proftpd | 1 Proftpd | 2011-03-18 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. | |||||
| CVE-2008-7265 | 1 Proftpd | 1 Proftpd | 2011-03-18 | 4.0 MEDIUM | N/A |
| The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | |||||
| CVE-2009-0543 | 1 Proftpd | 1 Proftpd | 2009-06-09 | 6.8 MEDIUM | N/A |
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. | |||||