Vulnerabilities > Proftpd > Proftpd > 1.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-05 | CVE-2016-3125 | Cryptographic Issues vulnerability in multiple products The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | 5.0 |
2013-01-24 | CVE-2012-6095 | Race Condition vulnerability in Proftpd ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | 1.2 |
2011-12-06 | CVE-2011-4130 | Resource Management Errors vulnerability in Proftpd Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. | 9.0 |
2011-03-11 | CVE-2011-1137 | Numeric Errors vulnerability in Proftpd Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. | 5.0 |
2011-02-02 | CVE-2010-4652 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query. | 6.8 |
2010-11-09 | CVE-2010-3867 | Path Traversal vulnerability in Proftpd Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | 7.1 |
2010-11-09 | CVE-2008-7265 | Resource Management Errors vulnerability in Proftpd The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | 4.0 |
2009-10-28 | CVE-2009-3639 | Cryptographic Issues vulnerability in Proftpd The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 5.8 |