CVE-2006-6170
https://notcve.org/view.php?id=CVE-2006-6170
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. Desbordamiento de búfer en la función tls_x509_name_oneline en el módulo mod_tls, tal y como se usa en ProFTPD 1.3.0a y versiones anteriores, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante un argumento con datos de gran longitud. Vulnerabilidad distinta a CVE-2006-5815. • http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html http://secunia.com/advisories/23141 http://secunia.com/advisories/23174 http://secunia.com/advisories/23179 http://secunia.com/advisories/23184 http://secunia.com/advisories/23207 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491 http://www.debian.org/security/2006/dsa-1222 http:/ •
CVE-2006-5815 – ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5815
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." Desbordamiento de búfer basado en pila en la función sreplace en ProFTPD 1.3.0 y anteriores permite a atacantes remotos, probablemente autentificados, provocar denegación de servicio y ejecutar código de su elección, como se demostró con vd_proftpd.pm, un "exploit remoto ProFTPD". • https://www.exploit-db.com/exploits/16852 https://www.exploit-db.com/exploits/2856 http://bugs.proftpd.org/show_bug.cgi?id=2858 http://gleg.net/vulndisco_meta.shtml http://secunia.com/advisories/22803 http://secunia.com/advisories/22821 http://secunia.com/advisories/23000 http://secunia.com/advisories/23069 http://secunia.com/advisories/23125 http://secunia.com/advisories/23174 http://secunia.com/advisories/23179 http://secunia.com/advisories/23184 http://secunia& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-4816
https://notcve.org/view.php?id=CVE-2005-4816
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. • http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html http://bugs.proftpd.org/show_bug.cgi?id=2658 http://www.debian.org/security/2007/dsa-1245 http://www.osvdb.org/23063 http://www.securityfocus.com/bid/16535 •
CVE-2004-1602 – ProFTPd 1.2.10 - Remote Users Enumeration
https://notcve.org/view.php?id=CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. • https://www.exploit-db.com/exploits/581 http://marc.info/?l=bugtraq&m=109786760926133&w=2 http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 http://securitytracker.com/id?1011687 http://www.securityfocus.com/bid/11430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 • CWE-203: Observable Discrepancy •
CVE-2001-1500
https://notcve.org/view.php?id=CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 http://www.securityfocus.com/archive/1/212805 http://www.securityfocus.com/bid/3310 https://exchange.xforce.ibmcloud.com/vulnerabilities/7126 •