ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.
36d3e6266ecfe1baa5561af1301eeadc1a956f587f58731fbeed05f16dec3a89
Mandriva Linux Security Advisory 2010-227 - Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a SITE MKDIR, SITE UTIME command. Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to an FTPS server.
a6a929924a2a4e416021de37391ae322365e7a942efcedc03f1b0a657de2be0c
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes multiple vulnerabilities, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system.
935835595154a67760183f1ef165aa344fad7c5c20bb9da7d93531059c0837b0
Zero Day Initiative Advisory 10-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component, which listens by default on TCP port 21. When reading user input, if a TELNET_IAC escape sequence is encountered, the process miscalculates a buffer length counter value, allowing a user-controlled copy of data to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the proftpd process.
7431c58a12dec7ec81a1cb7105d04361591fe1e23f29451c020292509334b56c
ProFTPD IAC remote root exploit for versions 1.3.3, 1.3.3a and 1.3.2a/e/c.
ad63bce947283be1225a9c0f6124df424564efd77965f253fa2f9da15adffefd
This Metasploit module exploits a stack-based buffer overflow in ProFTPD server versions between 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code.
b15672f8816cee6c5988bd4043b73fa81269c6b63d7afa9bf7db5a1b33c80105
Secunia Security Advisory - Slackware has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
3e2d54165e9a95f4328393b3e4c5b04fdcb68ecb92f6fb2282fb5ccec03aa918
Secunia Security Advisory - Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system.
c8d8a7749b87305d0b76378cdcdfeb3cd076f7f0bf0d6b90dfec9c2358a4e0a2
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
b47a09a91d38c7ddbb9171a4682bc28f6733020468f09b9ad9df6aaf56c39461
Secunia Security Advisory - A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to manipulate certain data.
317da7ec8a4a3c7fdf52037e343370f510e570e2bbe99468d550f4f4a75f5379
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
5420632da5cdc39c0480b0363e2062db3e7f0156b632b55ead1e122a6613680b
Debian Linux Security Advisory 1925-1 - It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled.
58b810f5fa37b676da5a978bc004bd482565cedd80006fcc98dfbf0f8581d1c7
Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
79bb47501d78206a19d99a1d7db93ca3d907f8b6d7a7b17cf3243cca3982f7fb
Mandriva Linux Security Advisory 2009-288 - The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes this vulnerability.
0e8d72525416ecf43373f296880c86846c238d5af213c156135bba25e17696f4
Secunia Security Advisory - A security issue has been reported in ProFTPD, which can be exploited by malicious people to conduct spoofing attacks.
63f3bde629529c42aaa7d6cc95dba47301b42978deac310b0f0ca28a611b8a0b
ProFTPd version 1.3.0 mod_ctrls local stack overflow root exploit that binds a shell to port 19091.
ddbfe7d762887600b38f4dc106d97604c67613c6e9563372c4756a28d17514cf
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
a17e86a1eede64a592fa366b655874cea451da098c1d5aa4a689b8b0b1b1022a
Secunia Security Advisory - Gentoo has issued an update for proftpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
cec4c6acf9055302a8179fa1a541ff7a8879ea2f8507c531b949c7ae0758f77b
Gentoo Linux Security Advisory GLSA 200903-27 - Two vulnerabilities in ProFTPD might allow for SQL injection attacks. Versions less than 1.3.2 are affected.
813e42985782b31eee7369aed9314721c49e60b35e51a550fdea4c56f1c57707
Debian Security Advisory 1730-1 - The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend. This update corrects the flaw. Also it was discovered that the oldstable distribution (etch) is not affected by the security issues.
422c018fd821493e6bba8fd79fc76a6860442a69113ba1ce44662dd4dc848dfb
Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
c99e77408c7e941799a625041f053551470234d2644e1df5a3d6e384289950b3
Debian Security Advisory DSA 1727-1 - Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon.
47abce559e797db348b4d30522fc51cbae738bb95901abb7c97f0871b5df8ee3
Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_mysql.
e1f5b601f8af81df0b2624222de455c263ed411d290e7259eac220962b0c67c4
Secunia Security Advisory - A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks.
020281f0669fdedd6419e4c468b6bcf906a7ec6fe95f165fed3b676dd5debf81
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
19d5ee47d9d1b1fb209692070f099bfe89a86d199d411ec7bea3f0087ab7630c
Debian Security Advisory DSA 1689-1 - Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
0de29b8fab2fefaeabb052720b162b9a757b181550eb52d0a9b16f8641460152