| Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-0542 | 7.5 |
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution
|
11-10-2018 - 21:01 | 12-02-2009 - 16:30 | |
| CVE-2008-4242 | 6.8 |
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing ses
|
08-08-2017 - 01:32 | 25-09-2008 - 19:25 | |
| CVE-2009-0543 | 6.8 |
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
|
09-06-2009 - 05:32 | 12-02-2009 - 16:30 |