Proftpd Project

Proftpd

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.33%
  • Veröffentlicht 24.06.2026 13:21:42
  • Zuletzt bearbeitet 02.07.2026 14:29:26

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can explo...

  • EPSS 74.73%
  • Veröffentlicht 12.02.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:15

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution...

Exploit
  • EPSS 7.07%
  • Veröffentlicht 25.09.2008 19:25:18
  • Zuletzt bearbeitet 16.06.2026 22:57:28

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing ses...

  • EPSS 12.52%
  • Veröffentlicht 22.04.2007 19:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:03

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow rem...

Exploit
  • EPSS 2.3%
  • Veröffentlicht 15.12.2006 11:28:00
  • Zuletzt bearbeitet 16.06.2026 22:33:22

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

  • EPSS 9.59%
  • Veröffentlicht 30.11.2006 15:28:00
  • Zuletzt bearbeitet 16.06.2026 22:32:36

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally...

Exploit
  • EPSS 17.43%
  • Veröffentlicht 30.11.2006 15:28:00
  • Zuletzt bearbeitet 16.06.2026 22:32:36

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerabi...

  • EPSS 74.25%
  • Veröffentlicht 08.11.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:55

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

  • EPSS 12.58%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:19:30

Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.

  • EPSS 9.2%
  • Veröffentlicht 27.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:48

Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.