HOMEVULNERABILITIESVENDORSWashington University

Washington UniversityCVEs & Vulnerabilities

21 CVEs affecting Washington University products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

wu-ftpd 135
CVE-2005-0256MEDIUMpoc

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

2 May 2005
5.0
CVSS
CVE-2004-0148HIGH

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

15 Apr 2004
7.2
CVSS
CVE-2004-0185CRITICAL

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

15 Mar 2004
10.0
CVSS
CVE-2003-1327CRITICAL

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

31 Dec 2003
9.3
CVSS
CVE-2003-1329HIGH

ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.

31 Dec 2003
7.8
CVSS
CVE-2003-0853MEDIUMpoc

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

17 Nov 2003
5.0
CVSS
CVE-2003-0854LOWpoc

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

17 Nov 2003
2.1
CVSS
CVE-2001-0550HIGHpoc

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

30 Nov 2001
7.5
CVSS
CVE-2001-0935HIGH

Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.

28 Nov 2001
7.5
CVSS
CVE-2001-0187CRITICALpoc

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

26 Mar 2001
10.0
CVSS
CVE-2000-0574MEDIUMpoc

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

7 Jul 2000
5.0
CVSS
CVE-1999-0878CRITICAL

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

22 Aug 1999
10.0
CVSS
CVE-1999-0368CRITICALpoc

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

9 Feb 1999
10.0
CVSS
CVE-1999-0017HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

10 Dec 1997
7.5
CVSS
CVE-1999-0955HIGH

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

23 Sep 1997
7.6
CVSS
CVE-1999-1326MEDIUM

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

4 Jul 1997
5.0
CVSS
CVE-1999-0076MEDIUM

Buffer overflow in wu-ftp from PASV command causes a core dump.

1 Jul 1997
5.0
CVSS
CVE-1999-0156MEDIUM

wu-ftpd FTP daemon allows any user and password combination.

1 Jul 1997
4.6
CVSS
CVE-1999-0081MEDIUM

wu-ftp allows files to be overwritten via the rnfr command.

11 Jan 1997
5.0
CVSS
CVE-1999-0075MEDIUM

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

16 Oct 1996
5.0
CVSS
CVE-1999-0080CRITICAL

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

30 Nov 1995
10.0
CVSS
← PrevPage 1 / 1Next →