mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
1.2 KiB
1.2 KiB
CVE-2010-4652
Description
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/tpez0/node-nmap-vulners
- https://github.com/zzzWTF/db-13-01