Proftpd

33 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.4%
  • Published 30.09.2013 21:55:07
  • Last modified 29.04.2026 01:13:23

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

  • EPSS 0.06%
  • Published 24.01.2013 21:55:01
  • Last modified 29.04.2026 01:13:23

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Exploit
  • EPSS 1.29%
  • Published 06.12.2011 11:55:06
  • Last modified 29.04.2026 01:13:23

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

Exploit
  • EPSS 2.57%
  • Published 11.03.2011 17:55:03
  • Last modified 29.04.2026 01:13:23

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Exploit
  • EPSS 5.49%
  • Published 02.02.2011 01:00:04
  • Last modified 29.04.2026 01:13:23

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted usernam...

Exploit
  • EPSS 91.75%
  • Published 09.11.2010 21:00:06
  • Last modified 29.04.2026 01:13:23

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Exploit
  • EPSS 0.38%
  • Published 09.11.2010 21:00:04
  • Last modified 29.04.2026 01:13:23

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence...

  • EPSS 0.33%
  • Published 09.11.2010 21:00:02
  • Last modified 29.04.2026 01:13:23

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

  • EPSS 1.44%
  • Published 28.10.2009 14:30:00
  • Last modified 23.04.2026 00:35:47

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, w...

  • EPSS 0.37%
  • Published 12.02.2009 16:30:00
  • Last modified 23.04.2026 00:35:47

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.