WFTPD
Products
2- 5 CVEs
- 4 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0342 | Med | 0.36 | 5.5 | 0.00 | Nov 23, 2004 | WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly… | ||
| CVE-2006-4318 | 0.09 | — | 0.62 | Aug 24, 2006 | Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | |||
| CVE-2004-0340 | 0.03 | — | 0.01 | Nov 23, 2004 | Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. | |||
| CVE-2004-1642 | 0.03 | — | 0.03 | Aug 29, 2004 | WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | |||
| CVE-2000-0645 | 0.03 | — | 0.05 | Jul 21, 2000 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE). | |||
| CVE-2004-0341 | 0.00 | — | 0.00 | Nov 23, 2004 | WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. | |||
| CVE-2001-0694 | 0.00 | — | 0.02 | Sep 20, 2001 | Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. | |||
| CVE-2000-0875 | 0.00 | — | 0.02 | Nov 14, 2000 | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters. | |||
| CVE-2000-0646 | 0.00 | — | 0.02 | Jul 21, 2000 | WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred. |
- risk 0.36cvss 5.5epss 0.00
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly…
- CVE-2006-4318Aug 24, 2006risk 0.09cvss —epss 0.62
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
- CVE-2004-0340Nov 23, 2004risk 0.03cvss —epss 0.01
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
- CVE-2004-1642Aug 29, 2004risk 0.03cvss —epss 0.03
WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.
- CVE-2000-0645Jul 21, 2000risk 0.03cvss —epss 0.05
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
- CVE-2004-0341Nov 23, 2004risk 0.00cvss —epss 0.00
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
- CVE-2001-0694Sep 20, 2001risk 0.00cvss —epss 0.02
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.
- CVE-2000-0875Nov 14, 2000risk 0.00cvss —epss 0.02
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.
- CVE-2000-0646Jul 21, 2000risk 0.00cvss —epss 0.02
WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.