Total vulnerabilities in the database
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
| Software | From | Fixed in |
|---|---|---|
| proftpd / proftpd | 1.2.0-rc1 | 1.2.0-rc1.x |
| proftpd / proftpd | 1.3.3-b | 1.3.3-b.x |
| proftpd / proftpd | 1.3.3-rc4 | 1.3.3-rc4.x |
| proftpd / proftpd | 1.2.0 | 1.2.0.x |
| proftpd / proftpd | 1.3.1-rc2 | 1.3.1-rc2.x |
| proftpd / proftpd | 1.3.0-rc1 | 1.3.0-rc1.x |
| proftpd / proftpd | 1.2.0-rc2 | 1.2.0-rc2.x |
| proftpd / proftpd | - | 1.3.3.x |
| proftpd / proftpd | 1.3.2-d | 1.3.2-d.x |
| proftpd / proftpd | 1.2.0-pre10 | 1.2.0-pre10.x |
| proftpd / proftpd | 1.2.2-rc1 | 1.2.2-rc1.x |
| proftpd / proftpd | 1.3.0-a | 1.3.0-a.x |
| proftpd / proftpd | 1.2.3 | 1.2.3.x |
| proftpd / proftpd | 1.3.0-rc4 | 1.3.0-rc4.x |
| proftpd / proftpd | 1.3.1-rc3 | 1.3.1-rc3.x |
| proftpd / proftpd | 1.2.5-rc1 | 1.2.5-rc1.x |
| proftpd / proftpd | 1.3.2-a | 1.3.2-a.x |
| proftpd / proftpd | 1.3.3-rc2 | 1.3.3-rc2.x |
| proftpd / proftpd | 1.2.8-rc1 | 1.2.8-rc1.x |
| proftpd / proftpd | 1.2.7 | 1.2.7.x |
| proftpd / proftpd | 1.2.2 | 1.2.2.x |
| proftpd / proftpd | 1.2.7-rc2 | 1.2.7-rc2.x |
| proftpd / proftpd | 1.3.2-c | 1.3.2-c.x |
| proftpd / proftpd | 1.2.10 | 1.2.10.x |
| proftpd / proftpd | 1.3.2-e | 1.3.2-e.x |
| proftpd / proftpd | 1.2.10-rc2 | 1.2.10-rc2.x |
| proftpd / proftpd | 1.3.1 | 1.3.1.x |
| proftpd / proftpd | 1.3.2 | 1.3.2.x |
| proftpd / proftpd | 1.2.8 | 1.2.8.x |
| proftpd / proftpd | 1.3.3-rc3 | 1.3.3-rc3.x |
| proftpd / proftpd | 1.3.0 | 1.3.0.x |
| proftpd / proftpd | 1.2.10-rc1 | 1.2.10-rc1.x |
| proftpd / proftpd | 1.2.1 | 1.2.1.x |
| proftpd / proftpd | 1.3.1-rc1 | 1.3.1-rc1.x |
| proftpd / proftpd | 1.2.9-rc2 | 1.2.9-rc2.x |
| proftpd / proftpd | 1.2.7-rc1 | 1.2.7-rc1.x |
| proftpd / proftpd | 1.2.7-rc3 | 1.2.7-rc3.x |
| proftpd / proftpd | 1.3.0-rc5 | 1.3.0-rc5.x |
| proftpd / proftpd | 1.3.3-a | 1.3.3-a.x |
| proftpd / proftpd | 1.3.2-rc1 | 1.3.2-rc1.x |
| proftpd / proftpd | 1.2.4 | 1.2.4.x |
| proftpd / proftpd | 1.2.5 | 1.2.5.x |
| proftpd / proftpd | 1.2.0-pre9 | 1.2.0-pre9.x |
| proftpd / proftpd | 1.2.2-rc3 | 1.2.2-rc3.x |
| proftpd / proftpd | 1.3.2-rc2 | 1.3.2-rc2.x |
| proftpd / proftpd | 1.3.2-rc3 | 1.3.2-rc3.x |
| proftpd / proftpd | 1.2.5-rc3 | 1.2.5-rc3.x |
| proftpd / proftpd | 1.2.9-rc3 | 1.2.9-rc3.x |
| proftpd / proftpd | 1.2.0-rc3 | 1.2.0-rc3.x |
| proftpd / proftpd | 1.3.2-b | 1.3.2-b.x |
| proftpd / proftpd | 1.2.6-rc2 | 1.2.6-rc2.x |
| proftpd / proftpd | 1.3.2-rc4 | 1.3.2-rc4.x |
| proftpd / proftpd | 1.2.5-rc2 | 1.2.5-rc2.x |
| proftpd / proftpd | 1.2.10-rc3 | 1.2.10-rc3.x |
| proftpd / proftpd | 1.2.9 | 1.2.9.x |
| proftpd / proftpd | 1.2.2-rc2 | 1.2.2-rc2.x |
| proftpd / proftpd | 1.2.8-rc2 | 1.2.8-rc2.x |
| proftpd / proftpd | 1.3.0-rc2 | 1.3.0-rc2.x |
| proftpd / proftpd | 1.2.6-rc1 | 1.2.6-rc1.x |
| proftpd / proftpd | 1.2.9-rc1 | 1.2.9-rc1.x |
| proftpd / proftpd | 1.3.3 | 1.3.3.x |
| proftpd / proftpd | 1.2.6 | 1.2.6.x |
| proftpd / proftpd | 1.3.3-rc1 | 1.3.3-rc1.x |
| proftpd / proftpd | 1.3.0-rc3 | 1.3.0-rc3.x |