CVE Tools

proftpd

Networking Infrastructureoss-project

19

Cumulative CVEs

13

Monthly snapshots

#23

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting proftpd.

CVE-2026-44331In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a craft...8.1May 5, 2026
CVE-2026-42167mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL bac...8.1Apr 28, 2026
CVE-2021-47865ProFTPD 1.3.7a - Remote Denial of Service7.5Jan 21, 2026
CVE-2010-20103ProFTPD 1.3.3c Backdoor Command Execution9.8Aug 20, 2025
CVE-2023-51713make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.7.5Dec 22, 2023
CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9Dec 18, 2023
CVE-2021-46854mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.7.5Nov 23, 2022
CVE-2020-9273In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.8.8Feb 20, 2020
CVE-2020-9272ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.7.5Feb 20, 2020
CVE-2019-19269An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encount...4.9Nov 26, 2019
CVE-2019-19270An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for...7.5Nov 26, 2019
CVE-2019-19271An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can...7.5Nov 26, 2019
CVE-2019-19272An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client...7.5Nov 26, 2019
CVE-2019-18217ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infin...7.5Oct 21, 2019
CVE-2019-12815An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.9.8Jul 19, 2019