CVE-2001-0550 – WU-FTPD 2.6.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2001-0550
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). • https://www.exploit-db.com/exploits/348 https://www.exploit-db.com/exploits/21161 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01 http://marc.info/?l=bugtraq&m=100700363414799&w=2 http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt http://www.cert.org/advisories/CA-2001-33.html http://www.debian.org/security/2001/dsa-087 http://www.kb.cert.org/vuls/ •
CVE-2001-0935
https://notcve.org/view.php?id=CVE-2001-0935
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. • http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html •
CVE-1999-0997 – WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
https://notcve.org/view.php?id=CVE-1999-0997
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. • https://www.exploit-db.com/exploits/20563 http://www.debian.org/security/2003/dsa-377 •