CVSS: 9.1EPSS: 30%CPEs: 1EXPL: 0CVE-2005-0198
https://notcve.org/view.php?id=CVE-2005-0198
06 Feb 2005 — A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. • http://secunia.com/advisories/14057 •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2004-0148
https://notcve.org/view.php?id=CVE-2004-0148
15 Apr 2004 — wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. wu-ftpd 2.6.2 y anteriores, con la opción restricted-gid activada, permite a usuarios locales saltarse restricciones de acceso cambiando los permisos para impedir el acceso a su directorio home, lo que hace que wu-ftpd use el directorio raíz en su lugar. • http://marc.info/?l=bugtraq&m=108999466902690&w=2 •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2004-0185
https://notcve.org/view.php?id=CVE-2004-0185
15 Mar 2004 — Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. Desbordamiento de búfer en la función skey_challenge en ftpd.c de wu-ftp daemon (wu-ftpd) 2.6.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición s/key (SKEY) con un nombre muy grande. • ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2003-1327
https://notcve.org/view.php?id=CVE-2003-1327
31 Dec 2003 — Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. • http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1329
https://notcve.org/view.php?id=CVE-2003-1329
31 Dec 2003 — ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. • ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch •
CVSS: 7.8EPSS: 2%CPEs: 26EXPL: 2CVE-2003-0853 – Coreutils 4.5.x - LS Width Argument Integer Overflow
https://notcve.org/view.php?id=CVE-2003-0853
25 Oct 2003 — An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. Un desbordamiento de enteros en ls en los paquetes fileutils o coreutils puede permitir a usuarios locales causar una denegación de servicio o ejecutar código arbitrario mediante un valor -w, lo que podría ser explotado remotamente mediante aplicaciones que usan ls, ... • https://www.exploit-db.com/exploits/23274 •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 1CVE-2003-0854 – WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-0854
25 Oct 2003 — ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd. • https://www.exploit-db.com/exploits/115 •
CVSS: 9.8EPSS: 19%CPEs: 13EXPL: 2CVE-2003-0720 – Pine 4.56 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0720
12 Sep 2003 — Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. Desbordamiento de búfer en PINE anteriores a 4.58 permite a atacantes remotos ejecuta código arbitrario mediante un tipo MIME "message/external-body" malformado. • https://www.exploit-db.com/exploits/99 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2003-0721
https://notcve.org/view.php?id=CVE-2003-0721
12 Sep 2003 — Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. Error de falta de signo de entero en rfc2231_get_param de strings.c en PINE anteriores a 4.58 permite a atacantes remotos ejecutar mediante un correo electrónico que causa un acceso fuera de límites de un array usando un número negativo. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2003-0297
https://notcve.org/view.php?id=CVE-2003-0297
15 May 2003 — c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP, usado en imap-2002b y Pine 4.53, permite que servidores IMAP dañinos originen una denegación de servicio (caída) y posiblemente ejecuten código arbitrario mediante ciertos valores de mailbox deama... • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •