Suggestions search

All statuses

Filter by:

With package: proftpd

Found 3 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-44331

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 weeks, 5 days ago by @LeSuisse Activity log

Created suggestion 2 weeks, 5 days ago
@LeSuisse accepted 2 weeks, 5 days ago
@LeSuisse published on GitHub 2 weeks, 5 days ago

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability …

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. The character restrictions of DNS names may affect exploitability.

References

Affected products

ProFTPD

=<1.3.9a

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9a
- nixpkgs-unstable 1.3.9a
- nixos-unstable-small 1.3.9a
nixos-25.11 1.3.9a
- nixos-25.11-small 1.3.9a
- nixpkgs-25.11-darwin 1.3.9a

Package maintainers

@osnyx Oliver Schmidt <os@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>

Published

Permalink CVE-2026-42167

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 3 weeks, 5 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 5 days ago
@LeSuisse published on GitHub 3 weeks, 5 days ago

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute …

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

References

Affected products

ProFTPD

<1.3.10rc1

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9
- nixpkgs-unstable 1.3.9
- nixos-unstable-small 1.3.9
nixos-25.11 1.3.9
- nixos-25.11-small 1.3.9
- nixpkgs-25.11-darwin 1.3.9

Package maintainers

@osnyx Oliver Schmidt <os@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>

Backported in 1.3.9a: https://github.com/proftpd/proftpd/blob/v1.3.9a/NEWS#L53-L54

Untriaged

Permalink CVE-2021-47865

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 4 months ago Activity log

Created suggestion 4 months ago

ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

References

ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository product
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
ProFTPD GitHub Repository issue-tracking

Affected products

ProFTPD

==1.3.7a

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9
- nixpkgs-unstable 1.3.9
- nixos-unstable-small 1.3.9

Package maintainers

@dpausp Tobias Stenzel <dpausp@posteo.de>
@ctheune Christian Theune <ct@flyingcircus.io>
@osnyx Oliver Schmidt <os@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>
@frlan Frank Lanitz <frank@frank.uvena.de>