Wzdftpd : Security Vulnerabilities, CVEs,
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
Max CVSS
5.0
EPSS Score
11.39%
Published
2007-10-09
Updated
2017-10-19
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
4.49%
Published
2007-01-23
Updated
2018-10-16
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
Max CVSS
4.6
EPSS Score
69.13%
Published
2005-09-27
Updated
2008-09-05
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
Max CVSS
5.0
EPSS Score
0.25%
Published
2003-08-07
Updated
2016-10-18
4 vulnerabilities found