washington university wu ftpd

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2005-0256
all versions
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhau
CVE-2004-0148
all versions
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing th
CVE-2004-0185
all versions
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a deni
CVE-2003-1329
all versions
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local addre
CVE-2003-1327
<= 2.6.2
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system
CVE-2003-0854
all versions
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can b
CVE-2003-0853
all versions
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arb
CVE-2003-0466
all versions
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbit
9.8 CRITICAL
CVE-2001-0550
all versions
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not prop
CVE-2001-0935
all versions
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
CVE-2001-0187
all versions
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute
CVE-2000-0574
all versions
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used
CVE-1999-0997
all versions
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argu
CVE-1999-0878
all versions
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
CVE-1999-0368
all versions
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
CVE-1999-0017
all versions
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-1999-0955
all versions
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
CVE-1999-1326
all versions
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file tran
CVE-1999-0156
all versions
wu-ftpd FTP daemon allows any user and password combination.
CVE-1999-0076
all versions
Buffer overflow in wu-ftp from PASV command causes a core dump.
CVE-1999-0081
all versions
wu-ftp allows files to be overwritten via the rnfr command.
CVE-1999-0202
all versions
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.
CVE-1999-0075
all versions
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
CVE-1999-0080
all versions
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin,
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin