HOMEVULNERABILITIESVENDORSTexas Imperial Software

Texas Imperial SoftwareCVEs & Vulnerabilities

20 CVEs affecting Texas Imperial Software products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

wftpd 62wftpd pro 5wftpd pro explorer 1wftpd pro server 1
CVE-2007-6473MEDIUMpoc

Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.

20 Dec 2007
5.8
CVSS
CVE-2007-0311MEDIUMpoc

Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

18 Jan 2007
5.0
CVSS
CVE-2006-5826MEDIUMpoc

Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.

10 Nov 2006
5.8
CVSS
CVE-2006-4318MEDIUMpoc

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

24 Aug 2006
6.5
CVSS
CVE-2004-2367MEDIUMpoc

The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.

31 Dec 2004
5.0
CVSS
CVE-2004-0341LOW

WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.

23 Nov 2004
2.1
CVSS
CVE-2004-0340HIGHpoc

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

23 Nov 2004
7.2
CVSS
CVE-2004-1642MEDIUMpoc

WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.

29 Aug 2004
5.0
CVSS
CVE-2001-0694HIGH

Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.

20 Sep 2001
7.5
CVSS
CVE-2001-0695MEDIUM

WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).

20 Sep 2001
5.0
CVSS
CVE-2001-0296CRITICALpoc

Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.

3 May 2001
10.0
CVSS
CVE-2000-1101MEDIUM

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

9 Jan 2001
5.0
CVSS
CVE-2000-0875MEDIUM

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

14 Nov 2000
5.0
CVSS
CVE-2000-0876MEDIUM

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

14 Nov 2000
5.0
CVSS
CVE-2000-0646MEDIUM

WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.

21 Jul 2000
5.0
CVSS
CVE-2000-0647MEDIUMpoc

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

21 Jul 2000
5.0
CVSS
CVE-2000-0645MEDIUMpoc

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

21 Jul 2000
6.4
CVSS
CVE-2000-0644MEDIUMpoc

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

21 Jul 2000
5.0
CVSS
CVE-2000-0648MEDIUMpoc

WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.

11 Jul 2000
5.0
CVSS
CVE-1999-0950CRITICALpoc

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

28 Oct 1999
10.0
CVSS
← PrevPage 1 / 1Next →