Vulnerabilities (CVE)

Filtered by vendor Proftpd Subscribe
Filtered by product Proftpd
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3867 1 Proftpd 1 Proftpd 2024-11-21 7.1 HIGH N/A
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
CVE-2009-3639 1 Proftpd 1 Proftpd 2024-11-21 5.8 MEDIUM N/A
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-0543 1 Proftpd 1 Proftpd 2024-11-21 6.8 MEDIUM N/A
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
CVE-2008-7265 1 Proftpd 1 Proftpd 2024-11-21 4.0 MEDIUM N/A
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
CVE-2004-1602 1 Proftpd 1 Proftpd 2024-11-20 5.0 MEDIUM N/A
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
CVE-2004-0346 1 Proftpd 1 Proftpd 2024-11-20 7.2 HIGH 7.8 HIGH
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
CVE-2001-0136 4 Conectiva, Debian, Mandrakesoft and 1 more 4 Linux, Debian Linux, Mandrake Linux and 1 more 2024-11-20 5.0 MEDIUM N/A
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.