🔐 ASUSTOR ADM 5.1.3.RI81 est disponible ! ✅ Correctifs de sécurité majeurs (Linux Kernel, Nginx, Rsync, Exiv2, ProFTPD) ⚠️ Redémarrage requis et retour arrière impossible après mise à jour. 💾 Sauvegardez vos données avant installation. #ASUSTOR #NAS #CyberSecurity

‼ #ProFTPD: disponibile PoC per lo sfruttamento della CVE-2026-44331 presente nel noto server FTP open source. Rischio: 🔴 Tipologia: 🔸 Security Restrictions Bypass 🔗 acn.gov.it/portale/w/rilevat… ⚠️ Importante mantenere aggiornati i sistemi ⚠️

CVE-2026-42167: ProFTPd: SQL injection openwall.com/lists/oss-secur… Depending on configuration, the flaw can be exploited before authentication and may lead to authentication bypass, privilege escalation, or remote code execution. Fixed in 1.3.9a.

Ready to bypass authentication and execute remote commands on a ProFTPD server? ⚡️🚨 Just added to Hackviser Labs: ProFTPD Authentication Bypass & Remote Code Execution (CVE-2026-42167) 🔥 Join Hackviser to start the lab now 🚀

‼ #ProFTPD: disponibile #PoC per lo sfruttamento della CVE-2026-42167, presente nel noto #serverFTP open source Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔸 Authentication Bypass 🔸 Privilege Escalation 🔗 acn.gov.it/portale/w/rilevat… 🔄 Aggiornamenti disponibili 🔄

#exploit #AppSec 1⃣. CVE-2026-42167: RCE, authentication bypass, and privilege escalation in ProFTPD <=1.3.9 github.com/ZeroPathAI/proftp… 2⃣. CVE-2026-41940: Critical vulnerability in cPanel & WHM allowing session hijacking and authentication bypass via CRLF injection labs.watchtowr.com/the-inter… 3⃣. CVE-2026-40478: Thymeleaf server-side template injection vulnerability snyk.io/blog/thymeleaf-injec… 4⃣. CVE-2026-3854: RCE in GitHub*com/GitHub Enterprise Server wiz.io/blog/github-rce-vulne… 5⃣. CVE-2026-20079: Critical Cisco FMC Zero-Day github.com/0xBlackash/CVE-20…

🚨 CVE-2026-42167 - high 🚨 ProFTPD mod_sql - Preauth User Backdoor > ProFTPD mod_sql before 1.3.10rc1 contains a remote code execution caused by unsafe us... 👾 cloud.projectdiscovery.io/li… @pdnuclei #NucleiTemplates #cve

Linux-Administratoren werden wohl (k)ein langes Wochenende haben: proFTPD (CVE-2026-42167), cPanel/WHM (CVE-2026-41940) und insb. CopyFail (CVE-2026-31431). Für CopyFail existieren bereits Go- und C-Forks.

🚨 HIGH - ProFTPD mod_sql Unauth RCE (CVE-2026-42167) A vulnerability in mod_sql allows unauthenticated RCE via malicious SQL logging expansions. Attackers can use crafted usernames to break SQL strings and execute OS-level commands through the database backend. 👉 Affected: < 1.3.10rc1 | Upgrade to v1.3.10rc1

GitHub - ZeroPathAI/proftpd-CVE-2026-42167-poc: POCs to demonstrate CVE-2026-42167 in ProFTPD · GitHub github.com/ZeroPathAI/proftp…

Independent reproduction, code-level root-cause analysis, and realistic-exposure write-up for CVE-2026-42167 (ProFTPD mod_sql is_escaped_text() bypass). github.com/dinosn/proftpd-CV…

Critical SQLi in ProFTPD allows unauthenticated admin account injection. Full PoC code is public. Upgrade to v1.3.9a to secure your servers. #ProFTPD #SQLi #CVE #CyberSecurity #InfoSec #ExploitPoC #PatchNow #Linux #OpenSource securityonline.info/proftpd-…

CVE-2026-42167, a high severity vuln in ProFTPD I discovered, was just published today! Attackers can use it to bypass auth and even execute arbitrary code in some cases. Check out my write up for full technical details, including a working POC! zeropath.com/blog/proftpd-cv…

Napster is cute. We used to race releases via proftpd couriers to IRC XDCC bots. Good times .

#LSPPDay25 🎯 Exploited a backdoored ProFTPD 1.3.3c server today! ⚙️ Used Metasploit to gain reverse shell access 🔍 Dumped system password hashes & cracked root’s password 💣 Another CTF rooted, another flag claimed! #CyberSecurity #learningwithleapfrog @lftechnology

Day 23 : Successfully started XAMPP on Arch Linux: #LSPPDay23 - XAMPP is a free & open-source cross-platform web server stack which perfect for local PHP & MySQL development. - Intro with Apache ,MySQL and ProFTPD. #60DaysOfLearning2025 #LearningWithLeapfrog @lftechnology

🔐 Securing FTP with TLS on Ubuntu 24.04? Just configured ProFTPD with TLS for encrypted file transfers. orcacore.com/proftpd-tls-con… By @orcacorecom #Ubuntu2404 #ProFTPD #CyberSecurity #LinuxTips

Cybersecurity AI (CAI) - HackableII - 9 minutos y 45 segundos 🔍 1/7 Fase Inicial: Reconocimiento del objetivo 192.168.2.11Escaneo completo de puertos con detección de versiones Descubiertos: FTP (21), SSH (22), HTTP (80) Servicios identificados: ProFTPD, OpenSSH 7.2p2, Apache 2.4.18 #PenTest 📦 2/7 Análisis de Servicios:FTP permite acceso anónimo (critical vuln) Descubierto archivo CALL.html Verificada conexión entre FTP y servidor web #Recon 🌐 3/7 Explotación Web:Upload de web shell vía FTP Acceso web confirmado Capacidad de ejecución remota de comandos establecida #RCE 🔎 4/7 Enumeración Post-Explotación:Búsqueda de archivos sensibles Localizado important.txt Descubierta pista hacia /.runme.sh #PrivEsc 🔑 5/7 Cracking de Credenciales:Hash MD5 identificado para usuario 'shrek' Ataque de diccionario con rockyou.txt Password crackeado: 'onion' #PassCrack ⚡ 6/7 Escalada de Privilegios:Acceso SSH como usuario 'shrek' Análisis de permisos sudo Identificada vulnerabilidad en configuración #Root 🏆 7/7 Compromiso Completo:Flag de usuario obtenida Escalada a root completada Sistema totalmente comprometido

I remember proftpd and wuftpd being exploited so much in the 1990s and early 2000 kinda going full circle here with @HuntressLabs 2025 Cyber report featuring CrushFTP as being one of the most hacked software to exploit CVE for data breach

Software supply-chain attacks have led to the injection of backdoors into popular open-source projects (PHP, ProFTPD, vsFTPd, xz...) Backdoors have also been discovered in the (closed-source) binary firmware of popular network routers