Vulnerabilities > Washington University
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0256 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Washington University Wu-Ftpd 2.6.1/2.6.2 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | 5.0 |
2004-04-15 | CVE-2004-0148 | wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. | 7.2 |
2003-12-31 | CVE-2003-1329 | Denial-Of-Service vulnerability in Washington University Wu-Ftpd 2.6.2 ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. | 7.8 |
2003-12-31 | CVE-2003-1327 | Remote Stack-based Buffer Overrun vulnerability in Wu-Ftpd SockPrintf() Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. | 9.3 |
2003-11-17 | CVE-2003-0854 | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | 2.1 |
2003-11-17 | CVE-2003-0853 | Integer Overflow vulnerability in Coreutils LS Width Argument An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | 5.0 |
2001-11-30 | CVE-2001-0550 | wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). | 7.5 |
2001-11-28 | CVE-2001-0935 | Remote Security vulnerability in Washington University Wu-Ftpd 2.4/2.6.0/2.6.1 Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. | 7.5 |
2001-03-26 | CVE-2001-0187 | Unspecified vulnerability in Washington University Wu-Ftpd Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. | 10.0 |
2000-07-07 | CVE-2000-0574 | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. | 5.0 |