Wzdftpd: Security Vulnerabilities
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVSS Score
5.0
EPSS Score
0.146
Published
2007-10-09
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
CVSS Score
5.0
EPSS Score
0.022
Published
2007-01-23
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVSS Score
4.6
EPSS Score
0.502
Published
2005-09-27
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-08-07