Proftpd
by Proftpd
Source repositories
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0027 | | | 0.01 | — | 0.06 | | Feb 12, 2001 | mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. |
| CVE-2026-35025 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink… |
| CVE-2021-46854 | | | 0.00 | — | 0.01 | | Nov 23, 2022 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. |
| CVE-2020-9272 | | | 0.00 | — | 0.02 | | Feb 20, 2020 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. |
| CVE-2019-19269 | | | 0.00 | — | 0.02 | | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs… |
| CVE-2019-19270 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow… |
| CVE-2019-19271 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates… |
| CVE-2019-19272 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. |
| CVE-2019-18217 | | | 0.00 | — | 0.20 | | Oct 21, 2019 | ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. |
| CVE-2013-4359 | | | 0.00 | — | 0.03 | | Sep 30, 2013 | Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. |
| CVE-2012-6095 | | | 0.00 | — | 0.01 | | Jan 24, 2013 | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. |
| CVE-2008-7265 | | | 0.00 | — | 0.03 | | Nov 9, 2010 | The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. |
| CVE-2009-3639 | | | 0.00 | — | 0.06 | | Oct 28, 2009 | The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers… |
| CVE-2001-0456 | | | 0.00 | — | 0.06 | | Jun 27, 2001 | postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. |
| CVE-1999-1475 | | | 0.00 | — | 0.04 | | Nov 19, 1999 | ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command. |
Page 3 of 3