Vulnerabilities > Proftpd > Proftpd > 1.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-01-24 | CVE-2012-6095 | Race Condition vulnerability in Proftpd ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | 1.2 |
2011-12-06 | CVE-2011-4130 | Resource Management Errors vulnerability in Proftpd Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. | 9.0 |
2011-03-11 | CVE-2011-1137 | Numeric Errors vulnerability in Proftpd Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. | 5.0 |
2011-02-02 | CVE-2010-4652 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. | 6.8 |
2010-11-09 | CVE-2008-7265 | Resource Management Errors vulnerability in Proftpd The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | 4.0 |