ProFTPD: Security Vulnerabilities

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
CVSS Score: 10.0 | EPSS Score: 0.911 | Published: 2010-11-09

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2010-11-09

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
CVSS Score: 4.0 | EPSS Score: 0.003 | Published: 2010-11-09

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Score: 5.8 | EPSS Score: 0.013 | Published: 2009-10-28

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
CVSS Score: 6.8 | EPSS Score: 0.008 | Published: 2009-02-12

Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2004-11-23

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
CVSS Score: 5.0 | EPSS Score: 0.008 | Published: 2004-10-15

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
CVSS Score: 5.0 | EPSS Score: 0.013 | Published: 2001-03-12

