Proftpd

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 2.68%
  • Published 11.03.2011 17:55:03
  • Last modified 11.04.2025 00:51:21

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Exploit
  • EPSS 9.23%
  • Published 02.02.2011 01:00:04
  • Last modified 11.04.2025 00:51:21

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted usernam...

Exploit
  • EPSS 92.29%
  • Published 09.11.2010 21:00:06
  • Last modified 11.04.2025 00:51:21

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Exploit
  • EPSS 0.2%
  • Published 09.11.2010 21:00:04
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence...

  • EPSS 0.33%
  • Published 09.11.2010 21:00:02
  • Last modified 11.04.2025 00:51:21

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

  • EPSS 1.3%
  • Published 28.10.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, w...

  • EPSS 0.79%
  • Published 12.02.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

Exploit
  • EPSS 0.04%
  • Published 23.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.

Exploit
  • EPSS 3.64%
  • Published 15.10.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Exploit
  • EPSS 1.26%
  • Published 12.03.2001 05:00:00
  • Last modified 03.04.2025 01:03:51

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.