MidnightBSD

Advisories for texas_imperial_software

CVE-1999-0950 HIGH

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.40
CVE-2000-0644 MEDIUM

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-0645 MEDIUM

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-0646 MEDIUM

WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-0647 MEDIUM

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-0648 MEDIUM

WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
CVE-2000-0875 MEDIUM

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.4.1_rc12
texas_imperial_software wftpd_pro 2.41_rc12
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-0876 MEDIUM

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.4.1
texas_imperial_software wftpd 2.4.1_rc12
texas_imperial_software wftpd_pro 2.41_rc12
texas_imperial_software wftpd 2.34
texas_imperial_software wftpd 2.4.1_rc11
texas_imperial_software wftpd 2.40
CVE-2000-1101 MEDIUM

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 2.41_rc14
texas_imperial_software wftpd 3.0
CVE-2001-0296 HIGH

Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd_pro 3.00
CVE-2001-0694 HIGH

Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 3.00_r5
CVE-2001-0695 MEDIUM

WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 3.00_r5
CVE-2004-0340 HIGH

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 3.0_0r3
texas_imperial_software wftpd pro_3.20
texas_imperial_software wftpd 3.0_0r4
texas_imperial_software wftpd pro_3.21
texas_imperial_software wftpd 3.0_0r5
texas_imperial_software wftpd 3.10_r1
texas_imperial_software wftpd pro_3.10_r1
texas_imperial_software wftpd 3.0
texas_imperial_software wftpd 3.21
texas_imperial_software wftpd 3.20
CVE-2004-0341 LOW

WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 3.0_0r3
texas_imperial_software wftpd pro_3.20
texas_imperial_software wftpd 3.0_0r4
texas_imperial_software wftpd pro_3.21
texas_imperial_software wftpd 3.0_0r5
texas_imperial_software wftpd 3.10_r1
texas_imperial_software wftpd pro_3.10_r1
texas_imperial_software wftpd 3.0
texas_imperial_software wftpd 3.21
texas_imperial_software wftpd 3.20
CVE-2004-1642 MEDIUM

WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
texas_imperial_software wftpd 3.21_r2
texas_imperial_software wftpd 3.21_r1
texas_imperial_software wftpd 3.21_r3
texas_imperial_software wftpd 3.21