Proftpd

Proftpd

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-19271

  • EPSS 0.93%
  • Veröffentlicht 26.11.2019 04:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:28

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow ...

7.5

CVE-2019-19270

  • EPSS 0.2%
  • Veröffentlicht 26.11.2019 04:15:12
  • Zuletzt bearbeitet 21.11.2024 04:34:27

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken in...

7.5

CVE-2019-18217

Exploit
  • EPSS 5.46%
  • Veröffentlicht 21.10.2019 04:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:51

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

9.8

CVE-2019-12815

Exploit
  • EPSS 83.99%
  • Veröffentlicht 19.07.2019 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:38

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

5.5

CVE-2017-7418

  • EPSS 0.07%
  • Veröffentlicht 04.04.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlin...

7.5

CVE-2016-3125

  • EPSS 1.37%
  • Veröffentlicht 05.04.2016 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecif...

10

CVE-2015-3306

Exploit
  • EPSS 93.96%
  • Veröffentlicht 18.05.2015 15:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

5

CVE-2013-4359

Exploit
  • EPSS 2.13%
  • Veröffentlicht 30.09.2013 21:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

1.2

CVE-2012-6095

  • EPSS 0.04%
  • Veröffentlicht 24.01.2013 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

9

CVE-2011-4130

Exploit
  • EPSS 1.9%
  • Veröffentlicht 06.12.2011 11:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.