This CPE summary could be partial or incomplete.

Summary

Detail
Vendor: Texas Imperial Software
Product: Wftpd
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 1999-10-28
Last view: 2007-01-17
Type: Application

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:texas_imperial_software:wftpd:2.40:*:*:*:*:*:*:* 9
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1:*:*:*:*:*:*:* 9
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1_rc11:*:*:*:*:*:*:* 8
cpe:2.3:a:texas_imperial_software:wftpd:2.34:*:*:*:*:*:*:* 8
cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:pro:*:*:*:*:* 6
cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:*:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.21:*:*:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:pro:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:*:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:pro:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:*:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r3:*:*:*:*:*:*:* 5
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1_rc12:*:*:*:*:*:*:* 4
cpe:2.3:a:texas_imperial_software:wftpd:3.10_r1:*:*:*:*:*:*:* 4
cpe:2.3:a:texas_imperial_software:wftpd:3.20:*:*:*:*:*:*:* 4
cpe:2.3:a:texas_imperial_software:wftpd:3.00_r5:*:*:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:2.41_rc14:*:*:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:2.41_rc14:*:pro:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:pro_3.10_r1:*:*:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:pro_3.20:*:*:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:pro_3.21:*:*:*:*:*:*:* 3
cpe:2.3:a:texas_imperial_software:wftpd:3.21_r1:*:*:*:*:*:*:* 2
cpe:2.3:a:texas_imperial_software:wftpd:3.21_r2:*:*:*:*:*:*:* 2
cpe:2.3:a:texas_imperial_software:wftpd:3.21_r3:*:*:*:*:*:*:* 2
cpe:2.3:a:texas_imperial_software:wftpd:3.23:*:*:*:*:*:*:* 2
cpe:2.3:a:texas_imperial_software:wftpd:3.23.1.1:*:pro:*:*:*:*:* 2

Related : CVE

Score Date Alert Description
5 2007-01-17 CVE-2007-0311

Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

5.8 2006-11-09 CVE-2006-5826

Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.

6.5 2006-08-23 CVE-2006-4318

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

2.1 2004-11-23 CVE-2004-0342

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

2.1 2004-11-23 CVE-2004-0341

WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.

7.2 2004-11-23 CVE-2004-0340

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

5 2004-08-29 CVE-2004-1642

WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.

5 2001-09-20 CVE-2001-0695

WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).

7.5 2001-09-20 CVE-2001-0694

Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.

5 2001-07-01 CVE-2001-1386

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

5 2001-01-09 CVE-2000-1101

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

5 2000-11-14 CVE-2000-0876

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

5 2000-11-14 CVE-2000-0875

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

5 2000-07-21 CVE-2000-0647

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

5 2000-07-21 CVE-2000-0646

WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.

6.4 2000-07-21 CVE-2000-0645

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

5 2000-07-21 CVE-2000-0644

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

5 2000-07-11 CVE-2000-0648

WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.

10 1999-10-28 CVE-1999-0950

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

id Description
56536 WFTPD SITE ADMIN Command Handling Remote DoS
31243 Windows NT FTP Server (WFTP) Pro Server APPE Command Overflow
28134 Windows NT FTP Server (WFTP) Server SIZE Command Remote Overflow
14765 Windows NT FTP Server (WFTP) Pro Server MKD/XMKD Absolute Path DoS
14764 Windows NT FTP Server (WFTP) Pro Server Unterminated Long Command DoS
14763 Windows NT FTP Server (WFTP) Pro Server Multiple Command Local Overflow
14762 Windows NT FTP Server (WFTP) STAT Command File Transfer Path Disclosure
14761 Windows NT FTP Server (WFTP) REST Command Malformed File Write DoS
14269 Windows NT FTP Server (WFTP) .lnk Traversal Arbitrary File Access
13945 Windows NT FTP Server (WFTP) Floppy Drive CD Request DoS
9398 WFTPD Pro Server MLST Command DoS
7746 Windows NT FTP Server (WFTP) CD Command Arbitrary File Access
5833 Windows NT FTP Server (WFTP) Unprintable Character Overflow
5829 Windows NT FTP Server (WFTP) Error Message Server Path Disclosure
4114 Windows NT FTP Server (WFTP) Server STAT/LIST Command DoS
1665 Winsock FTPd Directory Traversal
1477 Windows NT FTP Server (WFTP) STAT/LIST Command DoS
1130 Windows NT FTP Server (WFTP) MKD/CWD Nested Command Remote Overflow
386 Windows NT FTP Server (WFTP) Unauthenticated MLST Command Remote DoS
365 Windows NT FTP Server (WFTP) Out of Sequence RNTO Command Remote DoS

Snort® IPS/IDS

Date Description
2014-01-10 SIZE overflow attempt
RuleID : 8415 - Type : PROTOCOL-FTP - Revision : 7

Nessus® Vulnerability Scanner

Date Description
2007-02-19 Name: The remote FTP server is affected by a buffer overflow vulnerability.
File: wftpd_appe_overflow.nasl - Type: ACT_DENIAL
2004-02-29 Name: Arbitrary code may be run on the remote host.
File: wftp_321_overflow.nasl - Type: ACT_MIXED_ATTACK
2000-08-03 Name: The remote FTP server is affected by a denial of service vulnerability.
File: wftp_241_dos.nasl - Type: ACT_MIXED_ATTACK
2000-07-15 Name: The remote FTP server is affected by a denial of service vulnerability.
File: wftp_dos.nasl - Type: ACT_MIXED_ATTACK
1999-08-31 Name: The remote FTP server has a remote buffer overflow vulnerability.
File: wu_ftpd_overflow.nasl - Type: ACT_MIXED_ATTACK