
CVE-2017-7418 – Slackware Security Advisory - proftpd Updates
https://notcve.org/view.php?id=CVE-2017-7418
04 Apr 2017 — ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but ... • http://bugs.proftpd.org/show_bug.cgi?id=4295 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2016-3125
https://notcve.org/view.php?id=CVE-2016-3125
05 Apr 2016 — The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. • http://bugs.proftpd.org/show_bug.cgi?id=4230 • CWE-254: 7PK - Security Features; CWE-310: Cryptographic Issues

CVE-2015-3306 – ProFTPd 1.3.5 - 'mod_copy' Command Execution
https://notcve.org/view.php?id=CVE-2015-3306
18 Apr 2015 — The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. • https://packetstorm.news/files/id/162777 • CWE-284: Improper Access Control

CVE-2013-4359 – Mandriva Linux Security Advisory 2013-245
https://notcve.org/view.php?id=CVE-2013-4359
24 Sep 2013 — Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. • http://bugs.proftpd.org/show_bug.cgi?id=3973 • CWE-189: Numeric Errors