Page 5 of 28 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability ** IMPUGNADO ** ProFTPD 1.3.0a y versiones anteriores no asigna apropiadamente el límite del búfer cuando se especifica CommandBufferSize en el fichero de configuración, lo que conduce a un desbordamiento inferior de búfer por superación de límite (off-by-twho). NOTA: En Noviembre de 2006, el rol de CommandBufferSize fue originalmente asociado con CVE-2006-5815, lo cual fue erroneo debido a un vago descubrimiento inicial. NOTA: Los desarrolladores de ProFTPD impugnaron esta vulnerabilidad, diciendo que la ubicación de memoria es sobre-escrita por asignación antes de ser usada con la función afectada, así que no es una vulnerabilidad. • http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date http://secunia.com/advisories/23174 http://secunia.com/advisories/23179 http://secunia.com/advisories/23184 http://secunia.com/advisories/23207 http://secunia.com/advisories/23329 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491 http://www.debian.org/security/2006/dsa-1218 http://www.debian.org/security/2006/dsa-1222 http://www.gentoo •

CVSS: 10.0EPSS: 62%CPEs: 1EXPL: 2

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." Desbordamiento de búfer basado en pila en la función sreplace en ProFTPD 1.3.0 y anteriores permite a atacantes remotos, probablemente autentificados, provocar denegación de servicio y ejecutar código de su elección, como se demostró con vd_proftpd.pm, un "exploit remoto ProFTPD". • https://www.exploit-db.com/exploits/16852 https://www.exploit-db.com/exploits/2856 http://bugs.proftpd.org/show_bug.cgi?id=2858 http://gleg.net/vulndisco_meta.shtml http://secunia.com/advisories/22803 http://secunia.com/advisories/22821 http://secunia.com/advisories/23000 http://secunia.com/advisories/23069 http://secunia.com/advisories/23125 http://secunia.com/advisories/23174 http://secunia.com/advisories/23179 http://secunia.com/advisories/23184 http://secunia& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 7%CPEs: 37EXPL: 0

Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. • http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html http://bugs.proftpd.org/show_bug.cgi?id=2658 http://www.debian.org/security/2007/dsa-1245 http://www.osvdb.org/23063 http://www.securityfocus.com/bid/16535 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 4

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. • https://www.exploit-db.com/exploits/581 http://marc.info/?l=bugtraq&m=109786760926133&w=2 http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 http://securitytracker.com/id?1011687 http://www.securityfocus.com/bid/11430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 http://www.securityfocus.com/archive/1/212805 http://www.securityfocus.com/bid/3310 https://exchange.xforce.ibmcloud.com/vulnerabilities/7126 •