Product:

Wu\-Ftpd

(Washington_university)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 21
Date Id Summary Products Score Patch Annotated
1995-11-30 CVE-1999-0080 Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. Wu\-Ftpd N/A
1997-01-11 CVE-1999-0081 wu-ftp allows files to be overwritten via the rnfr command. Wu\-Ftpd N/A
1997-07-01 CVE-1999-0156 wu-ftpd FTP daemon allows any user and password combination. Wu\-Ftpd N/A
1997-07-01 CVE-1999-0076 Buffer overflow in wu-ftp from PASV command causes a core dump. Wu\-Ftpd N/A
1997-09-23 CVE-1999-0955 Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. Wu\-Ftpd N/A
1997-12-10 CVE-1999-0017 FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. Openlinux, Freebsd, Inet, Aix, Netbsd, Open_desktop, Openserver, Unixware, Reliant_unix, Sunos, Wu\-Ftpd N/A
1999-02-09 CVE-1999-0368 Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. Openlinux, Debian_linux, Proftpd, Linux, Openserver, Unixware, Slackware_linux, Wu\-Ftpd N/A
2005-05-02 CVE-2005-0256 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. Wu\-Ftpd N/A
2004-04-15 CVE-2004-0148 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. Propack, Wu\-Ftpd N/A
2003-12-31 CVE-2003-1329 ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. Wu\-Ftpd N/A