CVSS: 10.0EPSS: 89%CPEs: 8EXPL: 7CVE-2003-0466 – FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0466
01 Aug 2003 — Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código... • https://www.exploit-db.com/exploits/22976 • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 1CVE-1999-0997 – WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion
https://notcve.org/view.php?id=CVE-1999-0997
20 Dec 1999 — wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. • https://www.exploit-db.com/exploits/20563 •
CVSS: 10.0EPSS: 48%CPEs: 17EXPL: 2CVE-1999-0368 – WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-1999-0368
09 Feb 1999 — Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. • https://www.exploit-db.com/exploits/19086 •