Vulnerabilities > Proftpd Project > Proftpd

DATE CVE VULNERABILITY TITLE RISK
2009-02-12 CVE-2009-0542 SQL Injection vulnerability in Proftpd Project Proftpd 1.3.1/1.3.2/1.3.2Rc2
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
network
low complexity
proftpd-project CWE-89
7.5
2008-09-25 CVE-2008-4242 Cross-Site Request Forgery (CSRF) vulnerability in Proftpd Project Proftpd 1.3.1
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
6.8
2007-04-22 CVE-2007-2165 Authentication Module Security Bypass vulnerability in ProFTPD AUTH
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
network
high complexity
proftpd-project
5.1
2006-12-15 CVE-2006-6563 Local Buffer Overflow vulnerability in Proftpd Project Proftpd 1.3.0/1.3.0A
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
6.6
2006-11-30 CVE-2006-6170 Remote Buffer Overflow vulnerability in ProFTPD MOD_TLS
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
network
low complexity
proftpd-project
7.5
2006-11-08 CVE-2006-5815 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd Project Proftpd
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." An off-by-one string manipulation flaw in ProFTPD's sreplace() function exists allowing a remote attacker to execute arbitrary code.
network
low complexity
proftpd-project CWE-119
critical
10.0
2005-12-31 CVE-2005-4816 Buffer Overflow vulnerability in ProFTPD Mod_Radius
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
network
low complexity
proftpd-project
7.5
2005-07-27 CVE-2005-2390 Unspecified vulnerability in Proftpd Project Proftpd
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
network
low complexity
proftpd-project
6.4
2004-08-18 CVE-2004-0432 ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
network
low complexity
proftpd-project gentoo trustix
7.5
2003-11-17 CVE-2003-0831 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd Project Proftpd
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
network
low complexity
proftpd-project CWE-119
critical
9.0