Vulnerability identifier: #VU14904

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2015-3306

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 11

• April 19, 2024
  • ProFTPd-1.3.5-mod_copy-Remote-Command-Execution (Script that exploits the vulnerability of the ProFTPd 1.3.5 service with CVE-2015-3306) [Github]
• June 17, 2021
  • ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2) [Exploit-DB]
• October 18, 2020
  • CVE-2015-3306-Python-PoC (Converted with tweaks from a metasploit module as an exercise for OSCP studying and exploit development) [Github]
• May 15, 2020
  • Modified-CVE-2015-3306-Exploit () [Github]
• March 29, 2020
  • exploit-CVE-2015-3306 (ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container) [Github]
• March 18, 2020
  • cpx_proftpd (Tool for exploit CVE-2015-3306) [Github]
  • propane (Exploits the arbitrary file write bug in proftpd (CVE-2015-3306) attempts code execution) [Github]
  • ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit) [Exploit-DB]
  • ProFTPd 1.3.5 - (mod_copy) Remote Command Execution [Exploit-DB]
  • ProFTPd 1.3.5 - File Copy [Exploit-DB]
  • ProFTPD 1.3.5 Mod_Copy Command Execution [Metasploit]

Impact: Code execution

Vulnerable software:
ProFTPD
Server applications / File servers (FTP/HTTP)

Vendor: ProFTPD