Washington University Wu-ftpd — known CVE vulnerabilities
Every CVE whose affected-product data names Washington University Wu-ftpd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2001-0187 — CVSS 10.0 (critical): Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary…
CVE-1999-0080 — CVSS 10.0 (critical): Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which…
CVE-2004-0185 — CVSS 10.0 (critical): Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of…
CVE-1999-0878 — CVSS 10.0 (critical): Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
CVE-2003-1327 — CVSS 9.3 (critical): Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that…
CVE-2003-1329 — CVSS 7.8 (high): ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does…
CVE-1999-0955 — CVSS 7.6 (high): Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
CVE-2001-0550 — CVSS 7.5 (high): wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly…
CVE-2001-0935 — CVSS 7.5 (high): Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
CVE-1999-0017 — CVSS 7.5 (high): FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-2004-0148 — CVSS 7.2 (high): wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the…
CVE-2005-0256 — CVSS 5.0 (medium): The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by…
CVE-1999-0075 — CVSS 5.0 (medium): PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
CVE-1999-1326 — CVSS 5.0 (medium): wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer…
CVE-2000-0574 — CVSS 5.0 (medium): FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the…
CVE-2003-0853 — CVSS 5.0 (medium): An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary…
CVE-2003-0854 — CVSS 2.1 (low): ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be…