Vulnerabilities > Proftpd

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-12815 Improper Handling of Exceptional Conditions vulnerability in multiple products
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
network
low complexity
proftpd fedoraproject debian siemens CWE-755
critical
9.8
2017-04-04 CVE-2017-7418 Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks.
local
low complexity
proftpd CWE-59
2.1
2016-04-05 CVE-2016-3125 Cryptographic Issues vulnerability in multiple products
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
network
low complexity
proftpd opensuse fedoraproject CWE-310
5.0
2015-05-18 CVE-2015-3306 Improper Access Control vulnerability in Proftpd 1.3.5
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
network
low complexity
proftpd CWE-284
critical
10.0
2013-09-30 CVE-2013-4359 Numeric Errors vulnerability in Proftpd 1.3.4/1.3.5
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.
network
low complexity
proftpd CWE-189
5.0
2013-01-24 CVE-2012-6095 Race Condition vulnerability in Proftpd
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
local
high complexity
proftpd CWE-362
1.2
2011-12-06 CVE-2011-4130 Resource Management Errors vulnerability in Proftpd
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
network
low complexity
proftpd CWE-399
critical
9.0
2011-03-11 CVE-2011-1137 Numeric Errors vulnerability in Proftpd
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
network
low complexity
proftpd CWE-189
5.0
2011-02-02 CVE-2010-4652 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
network
proftpd CWE-119
6.8
2010-11-09 CVE-2010-4221 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd 1.3.2/1.3.3
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
network
low complexity
proftpd CWE-119
critical
10.0