Proftpd Project Proftpd — known CVE vulnerabilities
Every CVE whose affected-product data names Proftpd Project Proftpd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-1999-0911 — CVSS 10.0 (critical): Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that…
CVE-2006-5815 — CVSS 10.0 (critical): Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause…
CVE-2003-0500 — CVSS 10.0 (critical): SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers…
CVE-2003-0831 — CVSS 9.0 (critical): ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote…
CVE-2009-0542 — CVSS 7.5 (high): SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%"…
CVE-2001-0027 — CVSS 7.5 (high): mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows…
CVE-2001-0318 — CVSS 7.5 (high): Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while…
CVE-2001-1500 — CVSS 7.5 (high): ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which…
CVE-2004-0432 — CVSS 7.5 (high): ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to…
CVE-2005-4816 — CVSS 7.5 (high): Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute…
CVE-2006-6170 — CVSS 7.5 (high): Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other…
CVE-2006-6171 — CVSS 7.5 (high): ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which…
CVE-2008-4242 — CVSS 6.8 (medium): ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request…
CVE-2006-6563 — CVSS 6.6 (medium): Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows…
CVE-2005-2390 — CVSS 6.4 (medium): Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive…
CVE-2007-2165 — CVSS 5.1 (medium): The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module…
CVE-2001-1501 — CVSS 5.0 (medium): The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory…
CVE-1999-1475 — CVSS 4.6 (medium): ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the…