Showing 1 - 7 of 7

CVE-2015-3306

Status Candidate

Overview

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

ProFTPd 1.3.5 Remote Command Execution: Posted May 26, 2021; Authored by Shellbr3ak; ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.; tags | exploit, remote; advisories | CVE-2015-3306; SHA-256 | 36d3e6266ecfe1baa5561af1301eeadc1a956f587f58731fbeed05f16dec3a89; Download | Favorite | View

ProFTPD 1.3.5 Mod_Copy Command Execution: Posted Jun 10, 2015; Authored by Vadim Melihow | Site metasploit.com; This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.; tags | exploit, remote, php, code execution; advisories | CVE-2015-3306; SHA-256 | 6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451; Download | Favorite | View

Debian Security Advisory 3263-1: Posted May 20, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2015-3306; SHA-256 | ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759; Download | Favorite | View

Slackware Security Advisory - proftpd Updates: Posted Apr 22, 2015; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.; tags | advisory; systems | linux, slackware; advisories | CVE-2015-3306; SHA-256 | 97da8a8f846347404ac0427633ddc66222c5b7357000fbdadd6e7a16f4c38fa8; Download | Favorite | View

ProFTPd CPFR / CPTO Proof Of Concept: Posted Apr 22, 2015; Authored by daldana; ProFTPd CPFR / CPTO proof of concept exploit.; tags | exploit, proof of concept; advisories | CVE-2015-3306; SHA-256 | 3a2aa92d9c4f7980f410f8313494e891bbb9e807a8b13f39e584580f72f7eef6; Download | Favorite | View

ProFTPd 1.3.5 Remote Command Execution: Posted Apr 21, 2015; Authored by R-73eN; ProFTPd version 1.3.5 remote command execution exploit.; tags | exploit, remote; advisories | CVE-2015-3306; SHA-256 | 33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9; Download | Favorite | View

ProFTPd 1.3.5 File Copy: Posted Apr 18, 2015; ProFTPd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands allows these commands to be used by unauthenticated clients.; tags | exploit; advisories | CVE-2015-3306; SHA-256 | 906b064525d55e5b1133812165abc4af404b78a47f8824d1d53e9802f8d546ff; Download | Favorite | View

Page 1 of 1 Back 1 Next