VYPR
Vendor

Texas Imperial Software

Products
4
CVEs
22
Across products
25
Status
Private

Products

4

Recent CVEs

22
View all 22 CVEs →
  • CVE-2001-1386HigJul 1, 2001
    risk 0.49cvss 7.5epss 0.03

    WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

  • CVE-2006-4318Aug 24, 2006
    risk 0.08cvss epss 0.62

    Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

  • CVE-2006-5826Nov 10, 2006
    risk 0.04cvss epss 0.11

    Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.

  • CVE-2000-0644Jul 21, 2000
    risk 0.04cvss epss 0.07

    WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

  • CVE-1999-0950Oct 28, 1999
    risk 0.04cvss epss 0.08

    Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

  • CVE-2007-6473Dec 20, 2007
    risk 0.03cvss epss 0.03

    Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.

  • CVE-2007-0311Jan 18, 2007
    risk 0.03cvss epss 0.03

    Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

  • CVE-2004-2367Dec 31, 2004
    risk 0.03cvss epss 0.03

    The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.

  • CVE-2004-0340Nov 23, 2004
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

  • CVE-2004-1642Aug 29, 2004
    risk 0.03cvss epss 0.03

    WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.

  • CVE-2001-0296May 3, 2001
    risk 0.03cvss epss 0.05

    Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.

  • CVE-2000-0645Jul 21, 2000
    risk 0.03cvss epss 0.05

    WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

  • CVE-2000-0647Jul 21, 2000
    risk 0.03cvss epss 0.05

    WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

  • CVE-2000-0648Jul 11, 2000
    risk 0.03cvss epss 0.04

    WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.

  • CVE-2023-33263May 25, 2023
    risk 0.00cvss epss 0.01

    In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.

  • CVE-2004-0341Nov 23, 2004
    risk 0.00cvss epss 0.00

    WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.

  • CVE-2001-0695Sep 20, 2001
    risk 0.00cvss epss 0.01

    WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).

  • CVE-2001-0694Sep 20, 2001
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.

  • CVE-2000-1101Jan 9, 2001
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

  • CVE-2000-0875Nov 14, 2000
    risk 0.00cvss epss 0.02

    WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.