Washington University : Security Vulnerabilities, CVEs, CVSS score >= 2
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Max CVSS
5.0
EPSS Score
7.18%
Published
2005-05-02
Updated
2017-10-11
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Max CVSS
10.0
EPSS Score
7.52%
Published
2004-03-15
Updated
2017-10-10
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-04-15
Updated
2018-05-03
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
Max CVSS
7.8
EPSS Score
0.20%
Published
2003-12-31
Updated
2008-09-05
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
Max CVSS
9.3
EPSS Score
0.44%
Published
2003-12-31
Updated
2017-07-29
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-11-17
Updated
2017-10-11
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-11-17
Updated
2008-09-10
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
Max CVSS
7.5
EPSS Score
0.79%
Published
2001-11-28
Updated
2008-09-10
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
Max CVSS
7.5
EPSS Score
96.05%
Published
2001-11-30
Updated
2018-05-03
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
Max CVSS
10.0
EPSS Score
3.48%
Published
2001-03-26
Updated
2017-10-10
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
Max CVSS
5.0
EPSS Score
4.08%
Published
2000-07-07
Updated
2008-09-10
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
Max CVSS
5.0
EPSS Score
0.54%
Published
1997-07-04
Updated
2017-10-10
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
Max CVSS
7.6
EPSS Score
0.51%
Published
1997-09-23
Updated
2022-08-17
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
Max CVSS
10.0
EPSS Score
0.84%
Published
1999-08-22
Updated
2008-09-09
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Max CVSS
10.0
EPSS Score
8.59%
Published
1999-02-09
Updated
2022-08-17
wu-ftpd FTP daemon allows any user and password combination.
Max CVSS
4.6
EPSS Score
0.04%
Published
1997-07-01
Updated
2022-08-17
wu-ftp allows files to be overwritten via the rnfr command.
Max CVSS
5.0
EPSS Score
1.60%
Published
1997-01-11
Updated
2022-08-17
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
Max CVSS
10.0
EPSS Score
0.73%
Published
1995-11-30
Updated
2022-08-17
Buffer overflow in wu-ftp from PASV command causes a core dump.
Max CVSS
5.0
EPSS Score
3.84%
Published
1997-07-01
Updated
2022-08-17
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
Max CVSS
5.0
EPSS Score
1.60%
Published
1996-10-16
Updated
2008-09-09
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Max CVSS
7.5
EPSS Score
1.65%
Published
1997-12-10
Updated
2022-08-17
21 vulnerabilities found