VYPR

Vendor CVEs

Proftpd

All CVEs

55 total · sorted by risk
  • CVE-2012-6095Jan 24, 2013
    risk 0.00cvss epss 0.01

    ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

  • CVE-2008-7265Nov 9, 2010
    risk 0.00cvss epss 0.03

    The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.

  • CVE-2009-3639Oct 28, 2009
    risk 0.00cvss epss 0.06

    The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers…

  • CVE-2001-0456Jun 27, 2001
    risk 0.00cvss epss 0.06

    postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

  • CVE-1999-1475Nov 19, 1999
    risk 0.00cvss epss 0.04

    ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Page 2 of 2