Wu Ftpd

wu-ftpd

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0256 1Washington University 1Wu Ftpd Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as...Show more The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Show less
CVE-2004-0148 2Sgi Washington University 2Propack Wu Ftpd Apr 16, 2026 Apr 15, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the r...Show more wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Show less
CVE-2004-0185 1Washington University 1Wu Ftpd Apr 16, 2026 Mar 15, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long n...Show more Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.Show less
CVE-2003-1329 1Washington University 1Wu Ftpd Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.8 HIGH· v2 ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of...Show more ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.Show less
CVE-2003-1327 1Washington University 1Wu Ftpd Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary...Show more Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.Show less
CVE-2003-0854 2Gnu Washington University 2Fileutils Wu Ftpd Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 2.1 LOW· v2 ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
CVE-2003-0853 2Gnu Washington University 2Fileutils Wu Ftpd Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that...Show more An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.Show less
CVE-2001-0550 2David Madore Washington University 2Ftpd Bsd Wu Ftpd Apr 16, 2026 Nov 30, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
CVE-2001-0935 1Washington University 1Wu Ftpd Apr 16, 2026 Nov 28, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
CVE-2001-0187 1Washington University 1Wu Ftpd Apr 16, 2026 Mar 26, 2001 N/A· v4 N/A· v3 10.0 HIGH· v2 Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
CVE-2000-0574 2Openbsd Washington University 2Ftpd Wu Ftpd Apr 16, 2026 Jul 7, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote at...Show more FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.Show less
CVE-1999-0878 2Beroftpd Washington University 2Beroftpd Wu Ftpd Apr 16, 2026 Aug 22, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
CVE-1999-0368 7Caldera DebianProftpd Project+4 more 8Debian Linux LinuxOpenlinux+5 more Apr 16, 2026 Feb 9, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
CVE-1999-0017 9Caldera FreebsdGnu+6 more 11Aix FreebsdInet+8 more Apr 16, 2026 Dec 10, 1997 N/A· v4 N/A· v3 7.5 HIGH· v2 FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-1999-0955 1Washington University 1Wu Ftpd Apr 16, 2026 Sep 23, 1997 N/A· v4 N/A· v3 7.6 HIGH· v2 Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
CVE-1999-1326 1Washington University 1Wu Ftpd Apr 16, 2026 Jul 4, 1997 N/A· v4 N/A· v3 5.0 MEDIUM· v2 wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote...Show more wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.Show less
CVE-1999-0156 1Washington University 1Wu Ftpd Apr 16, 2026 Jul 1, 1997 N/A· v4 N/A· v3 4.6 MEDIUM· v2 wu-ftpd FTP daemon allows any user and password combination.
CVE-1999-0076 1Washington University 1Wu Ftpd Apr 16, 2026 Jul 1, 1997 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in wu-ftp from PASV command causes a core dump.
CVE-1999-0081 1Washington University 1Wu Ftpd Apr 16, 2026 Jan 11, 1997 N/A· v4 N/A· v3 5.0 MEDIUM· v2 wu-ftp allows files to be overwritten via the rnfr command.
CVE-1999-0075 1Washington University 1Wu Ftpd Apr 16, 2026 Oct 16, 1996 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

12 Next