VYPR
Vendor

University of Washington

The University of Washington is a public research university in Seattle, Washington, United States. Founded 165 years ago in 1861, it is one of the oldest universities on the West Coast.

Founded 1861
Products
12
CVEs
59
Across products
69
Status
Private

Products

12

Recent CVEs

59
View all 59 CVEs →
  • CVE-2018-19518Nov 25, 2018
    risk 0.11cvss epss 0.95

    University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection,…

  • CVE-2001-0550Nov 30, 2001
    risk 0.09cvss epss 0.75

    wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

  • CVE-2000-0284Apr 16, 2000
    risk 0.09cvss epss 0.69

    Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.

  • CVE-2000-0574Jul 7, 2000
    risk 0.08cvss epss 0.59

    FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary…

  • CVE-1999-0920May 26, 1999
    risk 0.06cvss epss 0.32

    Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

  • CVE-1999-0368Feb 9, 1999
    risk 0.06cvss epss 0.39

    Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

  • CVE-2002-0379Jun 25, 2002
    risk 0.05cvss epss 0.19

    Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.

  • CVE-1999-0005Jul 20, 1998
    risk 0.05cvss epss 0.18

    Arbitrary command execution via IMAP buffer overflow in authenticate command.

  • CVE-2003-0853Nov 17, 2003
    risk 0.04cvss epss 0.10

    An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2003-0720Sep 17, 2003
    risk 0.04cvss epss 0.13

    Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.

  • CVE-2002-1320Dec 11, 2002
    risk 0.04cvss epss 0.10

    Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

  • CVE-2000-0909Dec 19, 2000
    risk 0.04cvss epss 0.12

    Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

  • CVE-1999-0042Apr 7, 1997
    risk 0.04cvss epss 0.13

    Buffer overflow in University of Washington's implementation of IMAP and POP servers.

  • CVE-2005-0256May 2, 2005
    risk 0.03cvss epss 0.05

    The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

  • CVE-2003-0854Nov 17, 2003
    risk 0.03cvss epss 0.01

    ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2002-2325Dec 31, 2002
    risk 0.03cvss epss 0.03

    The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.

  • CVE-2001-0736Oct 18, 2001
    risk 0.03cvss epss 0.01

    Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0187Mar 26, 2001
    risk 0.03cvss epss 0.06

    Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

  • CVE-1999-0997Dec 20, 1999
    risk 0.03cvss epss 0.06

    wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

  • CVE-2008-5005Nov 10, 2008
    risk 0.01cvss epss 0.06

    Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command…