Proftpd

Proftpd

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 96.8%
  • Veröffentlicht 18.05.2015 15:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

Exploit
  • EPSS 2.99%
  • Veröffentlicht 30.09.2013 21:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

  • EPSS 0.69%
  • Veröffentlicht 24.01.2013 21:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Exploit
  • EPSS 12.8%
  • Veröffentlicht 06.12.2011 11:55:06
  • Zuletzt bearbeitet 16.06.2026 23:34:28

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

Exploit
  • EPSS 28.07%
  • Veröffentlicht 11.03.2011 17:55:03
  • Zuletzt bearbeitet 16.06.2026 23:28:47

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Exploit
  • EPSS 11.34%
  • Veröffentlicht 02.02.2011 01:00:04
  • Zuletzt bearbeitet 16.06.2026 23:25:15

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted usernam...

Exploit
  • EPSS 91.3%
  • Veröffentlicht 09.11.2010 21:00:06
  • Zuletzt bearbeitet 16.06.2026 23:24:23

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Exploit
  • EPSS 7.5%
  • Veröffentlicht 09.11.2010 21:00:04
  • Zuletzt bearbeitet 16.06.2026 23:23:43

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence...

  • EPSS 3.2%
  • Veröffentlicht 09.11.2010 21:00:02
  • Zuletzt bearbeitet 16.06.2026 23:03:56

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

  • EPSS 5.7%
  • Veröffentlicht 28.10.2009 14:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:04

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, w...