
CVSS: 9.1 • EPSS: 2% • CPEs: 1 • EXPL: 0

30 Nov 2006 — ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so ... • http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date •

CVSS: 10.0 • EPSS: 57% • CPEs: 1 • EXPL: 2

08 Nov 2006 — Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." • https://www.exploit-db.com/exploits/16852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8 • EPSS: 7% • CPEs: 37 • EXPL: 0

31 Dec 2005 — Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. • http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html •

CVSS: 5.3 • EPSS: 1% • CPEs: 1 • EXPL: 4

15 Oct 2004 — ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. • https://www.exploit-db.com/exploits/581 • CWE-203: Observable Discrepancy •

CVSS: 9.1 • EPSS: 0% • CPEs: 17 • EXPL: 0

31 Dec 2001 — ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 •

CVSS: 7.5 • EPSS: 12% • CPEs: 4 • EXPL: 5

12 Mar 2001 — Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. • https://www.exploit-db.com/exploits/244 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 1999 — ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command. • http://www.securityfocus.com/archive/1/35483 •

CVSS: 10.0 • EPSS: 2% • CPEs: 5 • EXPL: 2

27 Aug 1999 — Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. • https://www.exploit-db.com/exploits/19475 •