CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 1CVE-2019-18217 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2019-18217
21 Oct 2019 — ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. ProFTPD versiones anteriores a 1.3.6b y versiones 1.3.7rc anteriores a 1.3.7rc2, permite una denegación de servicio remota no autenticada debido al manejo incorrecto de comandos demasiado largos porque el archivo main.c en un proceso secundario entra en un bucle infinito. Multiple vulnerabilities have be... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 79%CPEs: 11EXPL: 3CVE-2019-12815 – Debian Security Advisory 4491-1
https://notcve.org/view.php?id=CVE-2019-12815
19 Jul 2019 — An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Una vulnerabilidad de copia de archivo arbitraria en mod_copy en ProFTPD hasta versión 1.3.5b, permite la ejecución de código remota y la divulgación de información sin autenticación, un problema relacionado con CVE-2015-3306. Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performe... • https://github.com/KTN1990/CVE-2019-12815 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7418 – Slackware Security Advisory - proftpd Updates
https://notcve.org/view.php?id=CVE-2017-7418
04 Apr 2017 — ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but ... • http://bugs.proftpd.org/show_bug.cgi?id=4295 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3125
https://notcve.org/view.php?id=CVE-2016-3125
05 Apr 2016 — The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. El módulo mod_tls en ProFTPD en versiones anteriores a 1.3.5b y 1.3.6 en versiones anteriores a 1.3.6rc2 no maneja correctamente la directiva TLSDHParamFile, lo cual puede causar que se utilice una clave Diffie-Hellman (DH) más dé... • http://bugs.proftpd.org/show_bug.cgi?id=4230 • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 20CVE-2015-3306 – ProFTPd 1.3.5 - 'mod_copy' Command Execution
https://notcve.org/view.php?id=CVE-2015-3306
18 Apr 2015 — The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. El módulo mod_copy en ProFTPD 1.3.5 permite a atacantes remotos leer y escribir en ficheros arbitrarios a través de los comandos site cpfr y site cpto. Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. • https://packetstorm.news/files/id/162777 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2013-4359 – Mandriva Linux Security Advisory 2013-245
https://notcve.org/view.php?id=CVE-2013-4359
24 Sep 2013 — Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. Desbordamiento de entero en kbdint.c en mod_sftp en ProFTPD 1.3.4d y 1.3.5r3 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de un valor grande del contador de respuestas en una petición de autenticación, lo cual dispara u... • http://bugs.proftpd.org/show_bug.cgi?id=3973 • CWE-189: Numeric Errors •
CVSS: 8.1EPSS: 0%CPEs: 68EXPL: 0CVE-2012-6095 – Gentoo Linux Security Advisory 201309-15
https://notcve.org/view.php?id=CVE-2012-6095
24 Jan 2013 — ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. ProFTPD anterior a v1.3.5rc1, cuando se usa con la directiva UserOwner, permite a usuarios locales modificar la propiedad de archivos arbitrarios a través de una condición de carrera y un ataque de enlace simbólico sobre los comandos (1) MKD o (2) XMKD. Multiple vulnerabilities have been found in ProFTPD, the... • http://bugs.proftpd.org/show_bug.cgi?id=3841 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 1%CPEs: 62EXPL: 1CVE-2011-4130 – Gentoo Linux Security Advisory 201309-15
https://notcve.org/view.php?id=CVE-2011-4130
06 Dec 2011 — Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. Una vulnerabilidad de uso después de liberación en la API de Respuesta en ProFTPD antes de v1.3.3g permite a usuarios remotos autenticados ejecutar código de su elección a través de vectores que implican un error que se produce después de una transferencia de datos FTP. Multiple vulnerabilities have been f... • http://bugs.proftpd.org/show_bug.cgi?id=3711 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 65EXPL: 4CVE-2011-1137 – ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2011-1137
11 Mar 2011 — Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. Desbordamiento de enteros en el módulo mod_sftp (también conocido como SFTP) en ProFTPD v1.3.3d y anteriores, permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) a través de un mensaje SSH con formato incorrecto. Multiple vulnerabilities have been found in ProFTPD, the w... • https://www.exploit-db.com/exploits/16129 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 7%CPEs: 64EXPL: 2CVE-2010-4652 – Gentoo Linux Security Advisory 201309-15
https://notcve.org/view.php?id=CVE-2010-4652
02 Feb 2011 — Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. Desbordamiento de búfer en la memoria dinámica en la función sql_prepare_where (contrib/mod_sql.c) en ProFTPD anterior a v1.3.3d, cuando mod_sql está habilitado, ... • http://bugs.proftpd.org/show_bug.cgi?id=3536 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •