CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2008-7265
https://notcve.org/view.php?id=CVE-2008-7265
09 Nov 2010 — The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. La función pr_data_xfer en ProFTPD anterior a v1.3.2rc3 permite a usuarios autenticados remotamente provocar una denegación de servicio (agotamiento de CPU) a través de un comando ABOR durante una transferencia de datos. • http://bugs.proftpd.org/show_bug.cgi?id=3131 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 92%CPEs: 15EXPL: 6CVE-2010-4221 – ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-4221
09 Nov 2010 — Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. Múltiples desbordamientos de búfer basados en pila en la función pr_netio_telnet_gets en netio.c en ProFTPD anterior v1.3.3c permite a atacantes remotos ejecutar código de su elección a través de vectores que involucran un caracter escape TELNET IAC en servidores (1)... • https://www.exploit-db.com/exploits/16878 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2009-3639
https://notcve.org/view.php?id=CVE-2009-3639
28 Oct 2009 — The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. El módulo mod_tls en ProFTPD anterior v1.3.2b, y v1.3.3 anterior v1.3.3rc2, c... • http://bugs.proftpd.org/show_bug.cgi?id=3275 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 64%CPEs: 3EXPL: 2CVE-2009-0542 – ProFTPd - 'mod_mysql' Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-0542
12 Feb 2009 — SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. Vulnerabilidad de inyección SQL en el ProFTPD Server v1.3.1 hasta v1.3.2rc2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un carácter "%" (porcentaje) en el nombre de usuario, esto introduce un carácter "'" (comilla s... • https://www.exploit-db.com/exploits/8037 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2009-0543 – ProFTPd - 'mod_mysql' Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-0543
12 Feb 2009 — ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. ProFTPD Server v1.3.1, con soporte NLS habilitado, permite a atacantes remotos evitar los mecanismos de protección de inyección SQL a través de caracteres multibyte inválidos y codificados, que no son correctamente manejados en (1) mod_sql_mysql y (2) mod_sql_postgres. • https://www.exploit-db.com/exploits/8037 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 1CVE-2008-4242
https://notcve.org/view.php?id=CVE-2008-4242
25 Sep 2008 — ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. ProFTPD v1.3.1 interpreta como múltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificación de petición en sitios cruzados (CSFR) y e... • http://bugs.proftpd.org/show_bug.cgi?id=3115 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2165
https://notcve.org/view.php?id=CVE-2007-2165
22 Apr 2007 — The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. El API en ProFTPD anterior 20070417, cuando se configuran múltiples módulos de validación de forma simultanea, no requiere ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 7CVE-2006-6563 – ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6563
15 Dec 2006 — Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. Desbordamiento de búfer basado en pila en la función pr_ctrls_recv_request en ctrls.c en el módulo mod_ctrls en ProFTPD anterior a 1.3.1rc1 permite a un usuario local ejecutar código de su elección a través del valor de longitud reqarglen. • https://www.exploit-db.com/exploits/2928 •
CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 2CVE-2006-6170
https://notcve.org/view.php?id=CVE-2006-6170
30 Nov 2006 — Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. Desbordamiento de búfer en la función tls_x509_name_oneline en el módulo mod_tls, tal y como se usa en ProFTPD 1.3.0a y versiones anteriores, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección medi... • http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6171
https://notcve.org/view.php?id=CVE-2006-6171
30 Nov 2006 — ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so ... • http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date •