Vulnerability details: VCID-s1gd-gp1p-aaar
Vulnerability ID VCID-s1gd-gp1p-aaar
Aliases CVE-2015-3306
Summary The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3306.html
epss 0.94067 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.94068 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.94111 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.94151 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.94188 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.96789 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.97032 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
epss 0.97091 https://api.first.org/data/v1/epss?cve=CVE-2015-3306
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
generic_textual Medium https://cxsecurity.com/issue/WLB-2015040075
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2015-3306
generic_textual Medium http://www.openwall.com/lists/oss-security/2015/04/15/2
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html
http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html
http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html
http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html
http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html
http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3306.html
https://api.first.org/data/v1/epss?cve=CVE-2015-3306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
https://cxsecurity.com/issue/WLB-2015040075
https://www.exploit-db.com/exploits/36742/
https://www.exploit-db.com/exploits/36803/
http://www.debian.org/security/2015/dsa-3263
http://www.openwall.com/lists/oss-security/2015/04/15/2
http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_modcopy_exec
http://www.securityfocus.com/bid/74238
782781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782781
cpe:2.3:a:proftpd:proftpd:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:proftpd:proftpd:1.3.5:*:*:*:*:*:*:*
CVE-2015-3306 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/49908.py
CVE-2015-3306 https://nvd.nist.gov/vuln/detail/CVE-2015-3306
CVE-2015-3306;OSVDB-120834 Exploit http://bugs.proftpd.org/show_bug.cgi?id=4169
CVE-2015-3306;OSVDB-120834 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36742.txt
CVE-2015-3306;OSVDB-120834 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36803.py
CVE-2015-3306;OSVDB-120834 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/37262.rb
Data source Exploit-DB
Date added April 14, 2015
Description ProFTPd 1.3.5 - File Copy
Ransomware campaign use Known
Source publication date April 13, 2015
Exploit type remote
Platform linux
Source update date Oct. 10, 2016
Source URL http://bugs.proftpd.org/show_bug.cgi?id=4169
Data source Metasploit
Description This module exploits the SITE CPFR/CPTO mod_copy commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date April 22, 2015
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3306

Exploit Prediction Scoring System (EPSS)
Percentile 0.99885
EPSS Score 0.94067
Published At June 25, 2025, 12:55 p.m.