Vulnerabilities > Proftpd > Low

DATE CVE VULNERABILITY TITLE RISK
2017-04-04 CVE-2017-7418 Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks.
local
low complexity
proftpd CWE-59
2.1
2013-01-24 CVE-2012-6095 Race Condition vulnerability in Proftpd
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
local
high complexity
proftpd CWE-362
1.2