Proftpd : Security vulnerabilities, CVEs published in 2010

Copy

CVE-2010-4221

Public exploit

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Max CVSS

10.0

EPSS Score

96.41%

Published

2010-11-09

Updated

2011-09-15

CVE-2010-3867

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.

Max CVSS

7.1

EPSS Score

0.57%

Published

2010-11-09

Updated

2011-09-15

CVE-2008-7265

The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

Max CVSS

4.0

EPSS Score

0.15%

Published

2010-11-09

Updated

2011-03-18

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!