CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 2CVE-2006-6170
https://notcve.org/view.php?id=CVE-2006-6170
30 Nov 2006 — Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. Desbordamiento de búfer en la función tls_x509_name_oneline en el módulo mod_tls, tal y como se usa en ProFTPD 1.3.0a y versiones anteriores, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección medi... • http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html •
CVSS: 10.0EPSS: 69%CPEs: 1EXPL: 2CVE-2006-5815 – ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5815
08 Nov 2006 — Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." Desbordamiento de búfer basado en pila en la función sreplace en ProFTPD 1.3.0 y anteriores permite a atacantes remotos, probablemente autentificados, provocar denegación de servicio y ejecutar código de su elección, como se demostró con vd_proftpd.pm, un "explo... • https://www.exploit-db.com/exploits/16852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 37EXPL: 0CVE-2005-4816
https://notcve.org/view.php?id=CVE-2005-4816
31 Dec 2005 — Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. • http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2005-2390
https://notcve.org/view.php?id=CVE-2005-2390
27 Jul 2005 — Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive. Múltiples vulnerabilidades de formateo de cadenas en ProFTPD anterior a la 1..3.0rc2 permite que atacantes causen una denegación de servicio u obtengan información confidencial mediante: 1) ciertos inputs al mensaje de apagado de ftpshut o 2) la directiva SQLShowInf... • http://marc.info/?l=bugtraq&m=112604373503912&w=2 •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 4CVE-2004-1602 – ProFTPd 1.2.10 - Remote Users Enumeration
https://notcve.org/view.php?id=CVE-2004-1602
15 Oct 2004 — ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. • https://www.exploit-db.com/exploits/581 • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 1%CPEs: 17EXPL: 0CVE-2001-1500
https://notcve.org/view.php?id=CVE-2001-1500
31 Dec 2001 — ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 •