University of Washington
The University of Washington is a public research university in Seattle, Washington, United States. Founded 165 years ago in 1861, it is one of the oldest universities on the West Coast.
Products
12- 23 CVEs
- 16 CVEs
- 13 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
59| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19518 | 0.11 | — | 0.95 | Nov 25, 2018 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection,… | |||
| CVE-2001-0550 | 0.09 | — | 0.75 | Nov 30, 2001 | wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). | |||
| CVE-2000-0284 | 0.09 | — | 0.69 | Apr 16, 2000 | Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands. | |||
| CVE-2000-0574 | 0.08 | — | 0.59 | Jul 7, 2000 | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary… | |||
| CVE-1999-0920 | 0.06 | — | 0.32 | May 26, 1999 | Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. | |||
| CVE-1999-0368 | 0.06 | — | 0.39 | Feb 9, 1999 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |||
| CVE-2002-0379 | 0.05 | — | 0.19 | Jun 25, 2002 | Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. | |||
| CVE-1999-0005 | 0.05 | — | 0.18 | Jul 20, 1998 | Arbitrary command execution via IMAP buffer overflow in authenticate command. | |||
| CVE-2003-0853 | 0.04 | — | 0.10 | Nov 17, 2003 | An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | |||
| CVE-2003-0720 | 0.04 | — | 0.13 | Sep 17, 2003 | Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. | |||
| CVE-2002-1320 | 0.04 | — | 0.10 | Dec 11, 2002 | Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | |||
| CVE-2000-0909 | 0.04 | — | 0.12 | Dec 19, 2000 | Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. | |||
| CVE-1999-0042 | 0.04 | — | 0.13 | Apr 7, 1997 | Buffer overflow in University of Washington's implementation of IMAP and POP servers. | |||
| CVE-2005-0256 | 0.03 | — | 0.05 | May 2, 2005 | The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | |||
| CVE-2003-0854 | 0.03 | — | 0.01 | Nov 17, 2003 | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | |||
| CVE-2002-2325 | 0.03 | — | 0.03 | Dec 31, 2002 | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | |||
| CVE-2001-0736 | 0.03 | — | 0.01 | Oct 18, 2001 | Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0187 | 0.03 | — | 0.06 | Mar 26, 2001 | Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. | |||
| CVE-1999-0997 | 0.03 | — | 0.06 | Dec 20, 1999 | wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. | |||
| CVE-2008-5005 | 0.01 | — | 0.06 | Nov 10, 2008 | Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command… |
- CVE-2018-19518Nov 25, 2018risk 0.11cvss —epss 0.95
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection,…
- CVE-2001-0550Nov 30, 2001risk 0.09cvss —epss 0.75
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
- CVE-2000-0284Apr 16, 2000risk 0.09cvss —epss 0.69
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
- CVE-2000-0574Jul 7, 2000risk 0.08cvss —epss 0.59
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary…
- CVE-1999-0920May 26, 1999risk 0.06cvss —epss 0.32
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
- CVE-1999-0368Feb 9, 1999risk 0.06cvss —epss 0.39
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
- CVE-2002-0379Jun 25, 2002risk 0.05cvss —epss 0.19
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
- CVE-1999-0005Jul 20, 1998risk 0.05cvss —epss 0.18
Arbitrary command execution via IMAP buffer overflow in authenticate command.
- CVE-2003-0853Nov 17, 2003risk 0.04cvss —epss 0.10
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
- CVE-2003-0720Sep 17, 2003risk 0.04cvss —epss 0.13
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
- CVE-2002-1320Dec 11, 2002risk 0.04cvss —epss 0.10
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
- CVE-2000-0909Dec 19, 2000risk 0.04cvss —epss 0.12
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
- CVE-1999-0042Apr 7, 1997risk 0.04cvss —epss 0.13
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
- CVE-2005-0256May 2, 2005risk 0.03cvss —epss 0.05
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
- CVE-2003-0854Nov 17, 2003risk 0.03cvss —epss 0.01
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
- CVE-2002-2325Dec 31, 2002risk 0.03cvss —epss 0.03
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
- CVE-2001-0736Oct 18, 2001risk 0.03cvss —epss 0.01
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0187Mar 26, 2001risk 0.03cvss —epss 0.06
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
- CVE-1999-0997Dec 20, 1999risk 0.03cvss —epss 0.06
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
- CVE-2008-5005Nov 10, 2008risk 0.01cvss —epss 0.06
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command…