exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2015-3306

Status Candidate

Overview

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

Related Files

ProFTPd 1.3.5 Remote Command Execution
Posted May 26, 2021
Authored by Shellbr3ak

ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.

tags | exploit, remote
advisories | CVE-2015-3306
SHA-256 | 36d3e6266ecfe1baa5561af1301eeadc1a956f587f58731fbeed05f16dec3a89
ProFTPD 1.3.5 Mod_Copy Command Execution
Posted Jun 10, 2015
Authored by Vadim Melihow | Site metasploit.com

This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3306
SHA-256 | 6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451
Debian Security Advisory 3263-1
Posted May 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-3306
SHA-256 | ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759
Slackware Security Advisory - proftpd Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3306
SHA-256 | 97da8a8f846347404ac0427633ddc66222c5b7357000fbdadd6e7a16f4c38fa8
ProFTPd CPFR / CPTO Proof Of Concept
Posted Apr 22, 2015
Authored by daldana

ProFTPd CPFR / CPTO proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2015-3306
SHA-256 | 3a2aa92d9c4f7980f410f8313494e891bbb9e807a8b13f39e584580f72f7eef6
ProFTPd 1.3.5 Remote Command Execution
Posted Apr 21, 2015
Authored by R-73eN

ProFTPd version 1.3.5 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2015-3306
SHA-256 | 33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9
ProFTPd 1.3.5 File Copy
Posted Apr 18, 2015

ProFTPd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands allows these commands to be used by unauthenticated clients.

tags | exploit
advisories | CVE-2015-3306
SHA-256 | 906b064525d55e5b1133812165abc4af404b78a47f8824d1d53e9802f8d546ff
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close