Page 5 of 42 results (0.008 seconds)

CVSS: 7.5EPSS: 92%CPEs: 3EXPL: 2

CVE-2009-0542 – ProFTPd - 'mod_mysql' Authentication Bypass

https://notcve.org/view.php?id=CVE-2009-0542

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. Vulnerabilidad de inyección SQL en el ProFTPD Server v1.3.1 hasta v1.3.2rc2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un carácter "%" (porcentaje) en el nombre de usuario, esto introduce un carácter "'" (comilla simple) durante la sustitución de variable por mod_sql. • https://www.exploit-db.com/exploits/8037 https://www.exploit-db.com/exploits/32798 http://bugs.proftpd.org/show_bug.cgi?id=3180 http://secunia.com/advisories/34268 http://security.gentoo.org/glsa/glsa-200903-27.xml http://www.debian.org/security/2009/dsa-1730 http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 http://www.openwall.com/lists/oss-security/2009/02/11/1 http://www.openwall.com/lists/oss-security/2009/02/11/3 http://www.openwall • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2009-0543 – ProFTPd - 'mod_mysql' Authentication Bypass

https://notcve.org/view.php?id=CVE-2009-0543

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. ProFTPD Server v1.3.1, con soporte NLS habilitado, permite a atacantes remotos evitar los mecanismos de protección de inyección SQL a través de caracteres multibyte inválidos y codificados, que no son correctamente manejados en (1) mod_sql_mysql y (2) mod_sql_postgres. • https://www.exploit-db.com/exploits/8037 http://bugs.proftpd.org/show_bug.cgi?id=3173 http://secunia.com/advisories/34268 http://security.gentoo.org/glsa/glsa-200903-27.xml http://www.debian.org/security/2009/dsa-1730 http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 http://www.openwall.com/lists/oss-security/2009/02/11/4 http://www.openwall.com/lists/oss-security/2009/02/11/5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2008-4242

https://notcve.org/view.php?id=CVE-2008-4242

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. ProFTPD v1.3.1 interpreta como múltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificación de petición en sitios cruzados (CSFR) y ejecutar comdos FTP de su elección a través de una URI ftp:// larga que aprovecha la sesión existente en la implementación de cliente FTP en un navegador web. • http://bugs.proftpd.org/show_bug.cgi?id=3115 http://secunia.com/advisories/31930 http://secunia.com/advisories/33261 http://secunia.com/advisories/33413 http://securityreason.com/achievement_securityalert/56 http://securityreason.com/securityalert/4313 http://www.debian.org/security/2008/dsa-1689 http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 http://www.securityfocus.com/bid/31289 http://www.securitytracker.com/id?1020945 https://exchange.xforce.ibmcloud.com/vulnerabil • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.1EPSS: 86%CPEs: 1EXPL: 0

CVE-2007-2165

https://notcve.org/view.php?id=CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. El API en ProFTPD anterior 20070417, cuando se configuran múltiples módulos de validación de forma simultanea, no requiere que el módulo que valida la autenticación en el mismo módulo que recupera los datos de validación, lo cual podría permitir a atacantes remotos evitar la validación, como se demostró con el uso SQLAuthTypes Plaintext en mod_sql, con datos recuperados de /etc/passwd. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255 http://bugs.proftpd.org/show_bug.cgi?id=2922 http://osvdb.org/34602 http://secunia.com/advisories/24867 http://secunia.com/advisories/25724 http://secunia.com/advisories/27516 http://securitytracker.com/id?1017931 http://www.mandriva.com/security/advisories?name=MDKSA-2007:130 http://www.securityfocus.com/bid/23546 http://www.vupen.com/english/advisories/2007/1444 https://bugzilla.redhat.com/show_bug.cgi? •

CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 7

CVE-2006-6563 – ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2006-6563

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. Desbordamiento de búfer basado en pila en la función pr_ctrls_recv_request en ctrls.c en el módulo mod_ctrls en ProFTPD anterior a 1.3.1rc1 permite a un usuario local ejecutar código de su elección a través del valor de longitud reqarglen. • https://www.exploit-db.com/exploits/2928 https://www.exploit-db.com/exploits/394 https://www.exploit-db.com/exploits/3330 https://www.exploit-db.com/exploits/3333 http://secunia.com/advisories/23371 http://secunia.com/advisories/23392 http://secunia.com/advisories/23473 http://secunia.com/advisories/24163 http://security.gentoo.org/glsa/glsa-200702-02.xml http://www.coresecurity.com/?module=ContentMod&action=item&id=1594 http://www.mandriva.com/security/advisories?name •