Wzdftpd

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2005-3081	0.06	—	0.40	Sep 27, 2005	wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVE-2007-5300	0.04	—	0.15	Oct 9, 2007	Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2007-0428	0.00	—	0.03	Jan 23, 2007	Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
CVE-2003-0477	0.00	—	0.01	Aug 7, 2003	wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.

CVE-2005-3081Sep 27, 2005
risk 0.06cvss —epss 0.40
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVE-2007-5300Oct 9, 2007
risk 0.04cvss —epss 0.15
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2007-0428Jan 23, 2007
risk 0.00cvss —epss 0.03
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
CVE-2003-0477Aug 7, 2003
risk 0.00cvss —epss 0.01
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.