Summary
Detail | | | |
---|---|---|---|
Vendor | Texas Imperial Software | First view | 1999-10-28 |
Product | Wftpd | Last view | 2007-01-17 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
5 | 2007-01-17 | CVE-2007-0311 | Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. |
5.8 | 2006-11-09 | CVE-2006-5826 | Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters. |
6.5 | 2006-08-23 | CVE-2006-4318 | Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. |
2.1 | 2004-11-23 | CVE-2004-0342 | WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. |
2.1 | 2004-11-23 | CVE-2004-0341 | WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. |
7.2 | 2004-11-23 | CVE-2004-0340 | Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. |
5 | 2004-08-29 | CVE-2004-1642 | WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. |
5 | 2001-09-20 | CVE-2001-0695 | WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\). |
7.5 | 2001-09-20 | CVE-2001-0694 | Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. |
5 | 2001-07-01 | CVE-2001-1386 | WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. |
5 | 2001-01-09 | CVE-2000-1101 | Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack. |
5 | 2000-11-14 | CVE-2000-0876 | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. |
5 | 2000-11-14 | CVE-2000-0875 | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters. |
5 | 2000-07-21 | CVE-2000-0647 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server. |
5 | 2000-07-21 | CVE-2000-0646 | WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred. |
6.4 | 2000-07-21 | CVE-2000-0645 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE). |
5 | 2000-07-21 | CVE-2000-0644 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing. |
5 | 2000-07-11 | CVE-2000-0648 | WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command. |
10 | 1999-10-28 | CVE-1999-0950 | Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
56536 | WFTPD SITE ADMIN Command Handling Remote DoS |
31243 | Windows NT FTP Server (WFTP) Pro Server APPE Command Overflow |
28134 | Windows NT FTP Server (WFTP) Server SIZE Command Remote Overflow |
14765 | Windows NT FTP Server (WFTP) Pro Server MKD/XMKD Absolute Path DoS |
14764 | Windows NT FTP Server (WFTP) Pro Server Unterminated Long Command DoS |
14763 | Windows NT FTP Server (WFTP) Pro Server Multiple Command Local Overflow |
14762 | Windows NT FTP Server (WFTP) STAT Command File Transfer Path Disclosure |
14761 | Windows NT FTP Server (WFTP) REST Command Malformed File Write DoS |
14269 | Windows NT FTP Server (WFTP) .lnk Traversal Arbitrary File Access |
13945 | Windows NT FTP Server (WFTP) Floppy Drive CD Request DoS |
9398 | WFTPD Pro Server MLST Command DoS |
7746 | Windows NT FTP Server (WFTP) CD Command Arbitrary File Access |
5833 | Windows NT FTP Server (WFTP) Unprintable Character Overflow |
5829 | Windows NT FTP Server (WFTP) Error Message Server Path Disclosure |
4114 | Windows NT FTP Server (WFTP) Server STAT/LIST Command DoS |
1665 | Winsock FTPd Directory Traversal |
1477 | Windows NT FTP Server (WFTP) STAT/LIST Command DoS |
1130 | Windows NT FTP Server (WFTP) MKD/CWD Nested Command Remote Overflow |
386 | Windows NT FTP Server (WFTP) Unauthenticated MLST Command Remote DoS |
365 | Windows NT FTP Server (WFTP) Out of Sequence RNTO Command Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SIZE overflow attempt RuleID : 8415 - Type : PROTOCOL-FTP - Revision : 7 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-19 | Name: The remote FTP server is affected by a buffer overflow vulnerability. File: wftpd_appe_overflow.nasl - Type: ACT_DENIAL |
2004-02-29 | Name: Arbitrary code may be run on the remote host. File: wftp_321_overflow.nasl - Type: ACT_MIXED_ATTACK |
2000-08-03 | Name: The remote FTP server is affected by a denial of service vulnerability. File: wftp_241_dos.nasl - Type: ACT_MIXED_ATTACK |
2000-07-15 | Name: The remote FTP server is affected by a denial of service vulnerability. File: wftp_dos.nasl - Type: ACT_MIXED_ATTACK |
1999-08-31 | Name: The remote FTP server has a remote buffer overflow vulnerability. File: wu_ftpd_overflow.nasl - Type: ACT_MIXED_ATTACK |