Proftpd Project : Security Vulnerabilities, CVEs, CVSS score >= 8
CVE-2006-5815
Public exploit
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
Max CVSS
10.0
EPSS Score
54.09%
Published
2006-11-08
Updated
2018-10-17
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
Max CVSS
9.0
EPSS Score
13.38%
Published
2003-11-17
Updated
2017-10-05
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
Max CVSS
10.0
EPSS Score
0.21%
Published
2003-08-07
Updated
2008-09-05
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
Max CVSS
10.0
EPSS Score
2.45%
Published
1999-08-27
Updated
2008-09-09
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Max CVSS
10.0
EPSS Score
8.59%
Published
1999-02-09
Updated
2022-08-17
5 vulnerabilities found