Washington University : Security Vulnerabilities, CVEs, CVSS score >= 8
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Max CVSS
10.0
EPSS Score
7.52%
Published
2004-03-15
Updated
2017-10-10
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
Max CVSS
9.3
EPSS Score
0.44%
Published
2003-12-31
Updated
2017-07-29
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
Max CVSS
10.0
EPSS Score
3.48%
Published
2001-03-26
Updated
2017-10-10
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
Max CVSS
10.0
EPSS Score
0.84%
Published
1999-08-22
Updated
2008-09-09
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Max CVSS
10.0
EPSS Score
8.59%
Published
1999-02-09
Updated
2022-08-17
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
Max CVSS
10.0
EPSS Score
0.73%
Published
1995-11-30
Updated
2022-08-17
6 vulnerabilities found