Vulnerabilities > Proftpd > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-51713 Out-of-bounds Read vulnerability in Proftpd
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
network
low complexity
proftpd CWE-125
7.5
2022-11-23 CVE-2021-46854 Memory Leak vulnerability in Proftpd
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
network
low complexity
proftpd CWE-401
7.5
2020-02-20 CVE-2020-9273 Use After Free vulnerability in multiple products
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel.
8.8
2019-11-26 CVE-2019-19270 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
network
low complexity
proftpd fedoraproject CWE-295
7.5
2019-10-21 CVE-2019-18217 Infinite Loop vulnerability in Proftpd
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
network
low complexity
proftpd CWE-835
7.5
2010-11-09 CVE-2010-3867 Path Traversal vulnerability in Proftpd
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
network
high complexity
proftpd CWE-22
7.1
2004-11-23 CVE-2004-0346 Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
local
low complexity
proftpd CWE-193
7.8