Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-73rz-xdrz-ryez

Summary security update

Aliases

alias	CVE-2015-3306

Fixed_packages

url pkg:deb/debian/proftpd-dfsg@1.3.4a-5%2Bdeb7u3

purl pkg:deb/debian/proftpd-dfsg@1.3.4a-5%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.4a-5%252Bdeb7u3

url pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%2Bdeb8u2

purl pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%252Bdeb8u2

url	pkg:deb/debian/proftpd-dfsg@1.3.5-2?distro=trixie
purl	pkg:deb/debian/proftpd-dfsg@1.3.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.5-2%3Fdistro=trixie

url pkg:deb/debian/proftpd-dfsg@1.3.5b-4%2Bdeb9u5

purl pkg:deb/debian/proftpd-dfsg@1.3.5b-4%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.5b-4%252Bdeb9u5

url	pkg:deb/debian/proftpd-dfsg@1.3.7a%2Bdfsg-12%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/proftpd-dfsg@1.3.7a%2Bdfsg-12%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.7a%252Bdfsg-12%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/proftpd-dfsg@1.3.8%2Bdfsg-4%2Bdeb12u4?distro=trixie

purl pkg:deb/debian/proftpd-dfsg@1.3.8%2Bdfsg-4%2Bdeb12u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gw9f-rc1s-8udd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.8%252Bdfsg-4%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/proftpd-dfsg@1.3.8.c%2Bdfsg-4%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/proftpd-dfsg@1.3.8.c%2Bdfsg-4%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.8.c%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/proftpd-dfsg@1.3.9~dfsg-4?distro=trixie
purl	pkg:deb/debian/proftpd-dfsg@1.3.9~dfsg-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.9~dfsg-4%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/proftpd-dfsg@1.3.0-19

purl pkg:deb/debian/proftpd-dfsg@1.3.0-19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-1hz3-91g9-6baf

vulnerability	VCID-55bs-th2b-cbfy

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-bgf6-swz8-j7bt

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gskk-nnr5-ukac

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-n5dr-ejmr-2ug9

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-r4vc-yu6n-kkhe

vulnerability	VCID-s84k-unmk-ubgt

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-u8pb-1kgt-z3fp

vulnerability	VCID-v1n2-dgwq-6bgh

vulnerability	VCID-v3k9-71y7-e7bu

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

vulnerability	VCID-xmjm-ep49-1uh2

vulnerability	VCID-y3j2-e8hq-w3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.0-19

url pkg:deb/debian/proftpd-dfsg@1.3.0-19etch3

purl pkg:deb/debian/proftpd-dfsg@1.3.0-19etch3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-1hz3-91g9-6baf

vulnerability	VCID-55bs-th2b-cbfy

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-bgf6-swz8-j7bt

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gskk-nnr5-ukac

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-n5dr-ejmr-2ug9

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-r4vc-yu6n-kkhe

vulnerability	VCID-s84k-unmk-ubgt

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-u8pb-1kgt-z3fp

vulnerability	VCID-v1n2-dgwq-6bgh

vulnerability	VCID-v3k9-71y7-e7bu

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

vulnerability	VCID-xmjm-ep49-1uh2

vulnerability	VCID-y3j2-e8hq-w3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.0-19etch3

url pkg:deb/debian/proftpd-dfsg@1.3.1-17lenny9

purl pkg:deb/debian/proftpd-dfsg@1.3.1-17lenny9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-1hz3-91g9-6baf

vulnerability	VCID-55bs-th2b-cbfy

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-bgf6-swz8-j7bt

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-n5dr-ejmr-2ug9

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-r4vc-yu6n-kkhe

vulnerability	VCID-s84k-unmk-ubgt

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-u8pb-1kgt-z3fp

vulnerability	VCID-v3k9-71y7-e7bu

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

vulnerability	VCID-xmjm-ep49-1uh2

vulnerability	VCID-y3j2-e8hq-w3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.1-17lenny9

url pkg:deb/debian/proftpd-dfsg@1.3.3a-6squeeze7

purl pkg:deb/debian/proftpd-dfsg@1.3.3a-6squeeze7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-n5dr-ejmr-2ug9

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-r4vc-yu6n-kkhe

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

vulnerability	VCID-xmjm-ep49-1uh2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.3a-6squeeze7

url pkg:deb/debian/proftpd-dfsg@1.3.4a-5%2Bdeb7u3

purl pkg:deb/debian/proftpd-dfsg@1.3.4a-5%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jxke-yeum-8fh2

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.4a-5%252Bdeb7u3

url pkg:deb/debian/proftpd-dfsg@1.3.5-1.1

purl pkg:deb/debian/proftpd-dfsg@1.3.5-1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.5-1.1

url pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%2Bdeb8u2

purl pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17q4-65b3-mbbg

vulnerability	VCID-6kef-2azs-xugx

vulnerability	VCID-6zv5-sn2d-ffa6

vulnerability	VCID-73rz-xdrz-ryez

vulnerability	VCID-8yrv-hee2-9qdc

vulnerability	VCID-c26f-t6bh-fkc6

vulnerability	VCID-cbu1-85d6-5bhz

vulnerability	VCID-fn5e-rmve-c3f4

vulnerability	VCID-gw9f-rc1s-8udd

vulnerability	VCID-jczb-y4fh-xucn

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-pcah-e3hh-gbd7

vulnerability	VCID-tc5c-pyzn-ekh1

vulnerability	VCID-u7k3-9pb6-nqa8

vulnerability	VCID-wwz1-zb24-7qgy

vulnerability	VCID-xeeh-rpu9-63g6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/proftpd-dfsg@1.3.5-1.1%252Bdeb8u2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3306

reference_id

reference_type

scores

value	0.93681
scoring_system	epss
scoring_elements	0.99845
published_at	2026-04-07T12:55:00Z

value	0.93681
scoring_system	epss
scoring_elements	0.99846
published_at	2026-04-12T12:55:00Z

value	0.93681
scoring_system	epss
scoring_elements	0.99847
published_at	2026-04-16T12:55:00Z

value	0.93986
scoring_system	epss
scoring_elements	0.99888
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3306

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782781
reference_id	782781
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782781

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/49908.py
reference_id	CVE-2015-3306
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/49908.py

reference_url	http://bugs.proftpd.org/show_bug.cgi?id=4169
reference_id	CVE-2015-3306;OSVDB-120834
reference_type	exploit
scores
url	http://bugs.proftpd.org/show_bug.cgi?id=4169

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36742.txt
reference_id	CVE-2015-3306;OSVDB-120834
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36742.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36803.py
reference_id	CVE-2015-3306;OSVDB-120834
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36803.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/37262.rb
reference_id	CVE-2015-3306;OSVDB-120834
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/37262.rb

Weaknesses

Exploits

date_added	2015-04-14
description	ProFTPd 1.3.5 - File Copy
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2015-04-13
exploit_type	remote
platform	linux
source_date_updated	2016-10-10
data_source	Exploit-DB
source_url	http://bugs.proftpd.org/show_bug.cgi?id=4169

date_added	`null`
description	This module exploits the SITE CPFR/CPTO mod_copy commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe Reliability: - repeatable-session SideEffects: - artifacts-on-disk - ioc-in-logs
known_ransomware_campaign_use	`false`
source_date_published	2015-04-22
exploit_type	`null`
platform	Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb

Severity_range_score null

Exploitability 2.0

Weighted_severity 0.8

Risk_score 1.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73rz-xdrz-ryez

Vulnerability Instance