Proftpd

Proftpd

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-44331

  • EPSS 0.04%
  • Veröffentlicht 05.05.2026 20:16:39
  • Zuletzt bearbeitet 07.05.2026 15:53:49

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS look...

8.1

CVE-2026-42167

Medienbericht
  • EPSS 7.03%
  • Veröffentlicht 28.04.2026 00:00:00
  • Zuletzt bearbeitet 01.05.2026 19:16:30

mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

8.7

CVE-2021-47865

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.01.2026 17:27:44
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection lim...

9.8

CVE-2010-20103

Exploit
  • EPSS 85.08%
  • Veröffentlicht 20.08.2025 15:38:46
  • Zuletzt bearbeitet 24.09.2025 17:02:12

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shel...

7.5

CVE-2024-57392

  • EPSS 4.61%
  • Veröffentlicht 06.02.2025 22:15:39
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.

7.5

CVE-2024-48651

  • EPSS 36.59%
  • Veröffentlicht 29.11.2024 05:15:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.

7.5

CVE-2023-51713

Exploit
  • EPSS 70.3%
  • Veröffentlicht 22.12.2023 03:15:09
  • Zuletzt bearbeitet 03.11.2025 22:16:31

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.

5.9

CVE-2023-48795

Medienbericht Exploit
  • EPSS 50.71%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 12.05.2026 11:16:15

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

7.5

CVE-2021-46854

Exploit
  • EPSS 1.79%
  • Veröffentlicht 23.11.2022 07:15:09
  • Zuletzt bearbeitet 28.04.2025 21:15:55

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

9

CVE-2020-9273

  • EPSS 62.28%
  • Veröffentlicht 20.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:19

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.