← voltar
CVE-2015-3306

CVE-2015-3306

EPSS 96.8%
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Produtos afetados
n/a · n/a
PoCs públicas encontradas28
githubgithub.com/t0kx/exploit-CVE-2015-3306148githubgithub.com/nootropics/propane2githubgithub.com/bcononugbor-source/OpenVAS-Vulnerability-Analysis-Incident-Response-Report1githubgithub.com/xyk0x/cpx_proftpd1githubgithub.com/davidtavarez/CVE-2015-33061githubgithub.com/0xm4ud/ProFTPD_CVE-2015-33061githubgithub.com/jptr218/proftpd_bypass1githubgithub.com/cd6629/CVE-2015-3306-Python-PoC1githubgithub.com/cybersensei-EH/hackviser_labs_CVE-2015-33061githubgithub.com/JoseLRC97/ProFTPd-1.3.5-mod_copy-Remote-Command-Execution0githubgithub.com/donmedfor/CVE-2015-33060githubgithub.com/netw0rk7/CVE-2015-3306-Home-Lab0githubgithub.com/canpilayda/proftpd-mod_copy-cve-2015-33060githubgithub.com/cved-sources/cve-2015-33060githubgithub.com/hackarada/cve-2015-33060githubgithub.com/cdedmondson/Modified-CVE-2015-3306-Exploit0githubgithub.com/Z3R0space/CVE-2015-33060cve_referencewww.exploit-db.com/exploits/36742/não verificadocve_referencepacketstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.htmlnão verificadocve_referencepacketstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.htmlnão verificadocve_referencewww.exploit-db.com/exploits/36803/não verificadoexploitdbwww.exploit-db.com/exploits/37262não verificadoexploitdbwww.exploit-db.com/exploits/36803não verificadoexploitdbwww.exploit-db.com/exploits/49908não verificadoexploitdbwww.exploit-db.com/exploits/36742não verificadocve_referencepacketstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.htmlhttp://lists.opensuse.org/opensuse-updates/2015-06/msg00020.htmlhttp://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.htmlhttp://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.htmlhttp://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.htmlhttp://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/36742/https://www.exploit-db.com/exploits/36803/http://www.debian.org/security/2015/dsa-3263