washington_university 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー、vendor risk denial of service, and vendor risk integer handling などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2005-0256 | The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | [email protected] | 5.0 | 5.21% | 2005-05-02 | 2026-06-16 |
| CVE-2004-0148 | wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. | [email protected] | 7.2 | 0.44% | 2004-04-15 | 2026-06-16 |
| CVE-2004-0185 | Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | [email protected] | 10.0 | 7.45% | 2004-03-15 | 2026-06-16 |
| CVE-2003-1329 | ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. | [email protected] | 7.8 | 1.27% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1327 | Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. | [email protected] | 9.3 | 3.29% | 2003-12-31 | 2026-06-16 |
| CVE-2003-0854 | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. | [email protected] | 2.1 | 1.06% | 2003-11-17 | 2026-06-16 |
| CVE-2003-0853 | An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | [email protected] | 5.0 | 10.44% | 2003-11-17 | 2026-06-16 |
| CVE-2001-0550 | wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). | [email protected] | 7.5 | 74.76% | 2001-11-30 | 2026-06-16 |
| CVE-2001-0935 | Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. | [email protected] | 7.5 | 1.48% | 2001-11-28 | 2026-06-16 |
| CVE-2001-0187 | Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. | [email protected] | 10.0 | 5.67% | 2001-03-26 | 2026-06-16 |
| CVE-2000-0574 | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. | [email protected] | 5.0 | 58.87% | 2000-07-07 | 2026-06-16 |
| CVE-1999-0878 | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. | [email protected] | 10.0 | 2.22% | 1999-08-22 | 2026-06-16 |
| CVE-1999-0368 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | [email protected] | 10.0 | 39.84% | 1999-02-09 | 2026-06-16 |
| CVE-1999-0017 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | [email protected] | 7.5 | 1.96% | 1997-12-10 | 2026-06-16 |
| CVE-1999-0955 | Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. | [email protected] | 7.6 | 2.52% | 1997-09-23 | 2026-06-16 |
| CVE-1999-1326 | wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files. | [email protected] | 5.0 | 1.52% | 1997-07-04 | 2026-06-16 |
| CVE-1999-0156 | wu-ftpd FTP daemon allows any user and password combination. | [email protected] | 4.6 | 0.40% | 1997-07-01 | 2026-06-16 |
| CVE-1999-0076 | Buffer overflow in wu-ftp from PASV command causes a core dump. | [email protected] | 5.0 | 1.65% | 1997-07-01 | 2026-06-16 |
| CVE-1999-0081 | wu-ftp allows files to be overwritten via the rnfr command. | [email protected] | 5.0 | 1.58% | 1997-01-11 | 2026-06-16 |
| CVE-1999-0075 | PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password. | [email protected] | 5.0 | 1.57% | 1996-10-16 | 2026-06-16 |