- EPSS 96.8%
- Veröffentlicht 18.05.2015 15:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
- EPSS 2.99%
- Veröffentlicht 30.09.2013 21:55:07
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.
CVE-2012-6095
- EPSS 0.69%
- Veröffentlicht 24.01.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
- EPSS 12.8%
- Veröffentlicht 06.12.2011 11:55:06
- Zuletzt bearbeitet 16.06.2026 23:34:28
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
- EPSS 28.07%
- Veröffentlicht 11.03.2011 17:55:03
- Zuletzt bearbeitet 16.06.2026 23:28:47
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
CVE-2010-4652
- EPSS 11.34%
- Veröffentlicht 02.02.2011 01:00:04
- Zuletzt bearbeitet 16.06.2026 23:25:15
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted usernam...
- EPSS 91.3%
- Veröffentlicht 09.11.2010 21:00:06
- Zuletzt bearbeitet 16.06.2026 23:24:23
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
CVE-2010-3867
- EPSS 7.5%
- Veröffentlicht 09.11.2010 21:00:04
- Zuletzt bearbeitet 16.06.2026 23:23:43
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence...
- EPSS 3.2%
- Veröffentlicht 09.11.2010 21:00:02
- Zuletzt bearbeitet 16.06.2026 23:03:56
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
CVE-2009-3639
- EPSS 5.7%
- Veröffentlicht 28.10.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:04
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, w...