返回 CVE 瀏覽器

CVE-2015-3306

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1590%

EPSS Percentile42.95th

Published2015年5月18日

Last Modified2026年5月6日

Vulnerability Description

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

Affected Platforms (CPE)

📦

Proftpd

Proftpd

= 1.3.5

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html

🔗 http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html

🔗 http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html

🔗 http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html

🔗 http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html

🔗 http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html

相關漏洞威脅

CVE-2003-050010.0

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote a...

CVE-1999-036810.0

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-091110.0

Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands...

CVE-2006-581510.0

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated,...