CVE-2009-0543
- EPSS 14.24%
- Veröffentlicht 12.02.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:16
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
CVE-2004-0346
- EPSS 5.74%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:26
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
- EPSS 30.68%
- Veröffentlicht 15.10.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:01
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
- EPSS 44.94%
- Veröffentlicht 12.03.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:53:44
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.