• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ProFTPD SQLShowInfo SQL Output Format String Vulnerability

A format-string vulnerability affects ProFTPD. This issue occurs when the SQLShowInfo directive is enabled. If the attacker can influence data in the backend SQL database, then the attacker may be able to exploit this issue by inserting a malicious format string into data that will be queried by ProFTPD.

A successful attack will allow arbitrary code to execute in the context of the server.