pkg:Debian/proftpd-dfsg
58 total CVEs: CRITICAL 3, HIGH 20, MEDIUM 5
All known vulnerabilities
- from 0, < 1.3.5b-4+deb9u1
- from 0, < 1.3.5e+r1.3.5-2+deb8u3
- from 0, < 1.3.6-6
- from 0, < 1.3.6c-2
- from 0, < 1.3.5e+r1.3.5-2+deb8u7
- from 0, < 1.3.5e+r1.3.5-2+deb8u6
- from 0, < 1.3.5b-4+deb9u4
- HIGH 8.1 | CVE-2026-44331 | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a re… | from 0
- HIGH 8.1 | CVE-2026-42167 | mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of U… | from 0
- from 0, < 1.3.7a+dfsg-12+deb11u5
- from 0, < 1.3.7a+dfsg-12+deb11u5
- from 0, < 1.3.7a+dfsg-12+deb11u3
- from 0, < 1.3.8+dfsg-4+deb12u4
- HIGH 7.5 | CVE-2023-51713 | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backsl… | from 0, < 1.3.7a+dfsg-12+deb11u3
- HIGH 7.5 | CVE-2021-46854 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | from 0, < 1.3.7a+dfsg-12+deb11u1
- HIGH 7.5 | CVE-2020-9272 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | from 0, < 1.3.6c-1
- from 0, < 1.3.6-1
- from 0, < 1.3.6-1
- from 0, < 1.3.6b-2
- from 0, < 1.3.5e+r1.3.5-2+deb8u4
- from 0, < 1.3.5b-4+deb9u2
- from 0, < 1.3.6a-2
- HIGH 7.5 | CVE-2016-3125 | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might ca… | from 0, < 1.3.5b-1
- MEDIUM 5.9 | CVE-2023-48795 | Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin | from 0, < 1.3.7a+dfsg-12+deb11u3
- MEDIUM 5.9 | CVE-2023-48795 | Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin | from 0, < 1.3.7a+dfsg-12+deb11u3
- MEDIUM 5.5 | CVE-2017-7418 | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the All… | from 0, < 1.3.5b-4
- from 0, < 1.3.5e+r1.3.5-2+deb8u5
- from 0, < 1.3.6b-2
- from 0, < 1.3.4a-5+deb7u3
- from 0, < 1.3.5-2
- from 0, < 1.3.5~rc3-2.1
- from 0, < 1.3.3a-6squeeze7
- from 0, < 1.3.4a-3
- from 0, < 1.3.3a-6squeeze6
- from 0, < 1.3.1-17lenny8
- from 0, < 1.3.4~rc3-2
- from 0, < 1.3.1-17lenny9
- from 0, < 1.3.3a-6squeeze1
- from 0, < 1.3.3d-4
- — | CVE-2010-4652 | Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows… | from 0, < 1.3.3a-6
- — | CVE-2010-4221 | Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to ex… | from 0, < 1.3.3a-5
- — | CVE-2010-3867 | Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to creat… | from 0, < 1.3.3a-4
- from 0, < 1.3.2-1
- from 0, < 1.3.1-17lenny6
- from 0, < 1.3.0-19etch3
- from 0, < 1.3.2a-2
- — | CVE-2009-0543 | ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded… | from 0, < 1.3.2-1
- from 0, < 1.3.1-17lenny2
- from 0, < 1.3.1-17lenny1
- from 0, < 1.3.2-1
- from 0, < 1.3.0-19etch2
- from 0, < 1.3.1-15
- — | CVE-2007-2165 | The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module… | from 0, < 1.3.0-24
- — | CVE-2006-6563 | Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows loca… | from 0, < 1.3.0-17
- — | CVE-2006-6170 | Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other prod… | from 0, < 1.3.0-16
- from 0, < 1.3.0-13
- from 0, < 1.3.0-15
- from 0, < 1.2.10+1.3.0rc5-1