CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 7CVE-2006-6563 – ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6563
15 Dec 2006 — Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. Desbordamiento de búfer basado en pila en la función pr_ctrls_recv_request en ctrls.c en el módulo mod_ctrls en ProFTPD anterior a 1.3.1rc1 permite a un usuario local ejecutar código de su elección a través del valor de longitud reqarglen. • https://www.exploit-db.com/exploits/2928 •
CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 2CVE-2006-6170
https://notcve.org/view.php?id=CVE-2006-6170
30 Nov 2006 — Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. Desbordamiento de búfer en la función tls_x509_name_oneline en el módulo mod_tls, tal y como se usa en ProFTPD 1.3.0a y versiones anteriores, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección medi... • http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6171
https://notcve.org/view.php?id=CVE-2006-6171
30 Nov 2006 — ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so ... • http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date •
CVSS: 10.0EPSS: 69%CPEs: 1EXPL: 2CVE-2006-5815 – ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5815
08 Nov 2006 — Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." Desbordamiento de búfer basado en pila en la función sreplace en ProFTPD 1.3.0 y anteriores permite a atacantes remotos, probablemente autentificados, provocar denegación de servicio y ejecutar código de su elección, como se demostró con vd_proftpd.pm, un "explo... • https://www.exploit-db.com/exploits/16852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 37EXPL: 0CVE-2005-4816
https://notcve.org/view.php?id=CVE-2005-4816
31 Dec 2005 — Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. • http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2005-2390
https://notcve.org/view.php?id=CVE-2005-2390
27 Jul 2005 — Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive. Múltiples vulnerabilidades de formateo de cadenas en ProFTPD anterior a la 1..3.0rc2 permite que atacantes causen una denegación de servicio u obtengan información confidencial mediante: 1) ciertos inputs al mensaje de apagado de ftpshut o 2) la directiva SQLShowInf... • http://marc.info/?l=bugtraq&m=112604373503912&w=2 •