FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
022a4c77-2da4-11e1-b356-00215c6a37bbproftpd -- arbitrary code execution vulnerability with chroot

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:

If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code(...).

Proftpd shares the same problem of a similar nature.


Discovery 2011-11-30
Entry 2011-12-23
Modified 2012-01-29
FreeBSD
>= 7.3 lt 7.3_9

>= 7.4 lt 7.4_5

>= 8.1 lt 8.1_6

>= 8.2 lt 8.2_5

proftpd
proftpd-mysql
< 1.3.3g_1

proftpd-devel
< 1.3.3.r4_3,1

SA-11:07.chroot
http://seclists.org/fulldisclosure/2011/Nov/452
ca0841ff-1254-11de-a964-0030843d3802proftpd -- multiple sql injection vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks.

The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in an environment using a multi-byte character encoding.

An error exists in the "mod_sql" module when processing e.g. user names containing '%' characters. This can be exploited to bypass input sanitation routines and manipulate SQL queries by injecting arbitrary SQL code.


Discovery 2009-02-06
Entry 2009-03-16
proftpd
proftpd-mysql
< 1.3.2

proftpd-devel
<= 1.3.20080922

CVE-2009-0542
CVE-2009-0543
http://secunia.com/advisories/33842/
http://bugs.proftpd.org/show_bug.cgi?id=3173
http://bugs.proftpd.org/show_bug.cgi?id=3124
http://milw0rm.com/exploits/8037