FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
ca0841ff-1254-11de-a964-0030843d3802 | proftpd -- multiple sql injection vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks.

The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in an environment using a multi-byte character encoding.

An error exists in the "mod_sql" module when processing e.g. user names containing '%' characters. This can be exploited to bypass input sanitation routines and manipulate SQL queries by injecting arbitrary SQL code.


Discovery: 2009-02-06
Entry: 2009-03-16
Affected packages:
proftpd, proftpd-mysql: < 1.3.2
proftpd-devel: <= 1.3.20080922

CVE-2009-0542
CVE-2009-0543
http://secunia.com/advisories/33842/
http://bugs.proftpd.org/show_bug.cgi?id=3173
http://bugs.proftpd.org/show_bug.cgi?id=3124
http://milw0rm.com/exploits/8037
022a4c77-2da4-11e1-b356-00215c6a37bb | proftpd -- arbitrary code execution vulnerability with chroot

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:

If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code(...).

Proftpd shares the same problem of a similar nature.


Discovery: 2011-11-30
Entry: 2011-12-23
Modified: 2012-01-29
Affected packages:
FreeBSD: >= 7.3, < 7.3_9
FreeBSD: >= 7.4, < 7.4_5
FreeBSD: >= 8.1, < 8.1_6
FreeBSD: >= 8.2, < 8.2_5
proftpd, proftpd-mysql: < 1.3.3g_1
proftpd-devel: < 1.3.3.r4_3,1

SA-11:07.chroot
http://seclists.org/fulldisclosure/2011/Nov/452