CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...

EUVD-1999-0080

Malware in sbrugna...

EUVD-1999-0936

Malware in sbrugna...

CVE-1999-0955

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command...

SUSE CVE-2000-0573

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command...

wu-ftpd 2.4.2/2.5 .0/2.6 .0 - Remote Format String Stack Overwrite (2)

No description provided by source. source: http://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the...

Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2000:014)

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can...

FTP Attack - Successful SITE EXEC Command

Binary data 6217.prm...

WU-FTPD - Site EXEC/INDEX Format String (Metasploit)

$Id: wuftpdsiteexecformat.rb 11166 2010-11-30 00:16:53Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Wu-ftpd SITE EXEC/INDEX Format String Vulnerability

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'wu-ftpd SITE...

WU-FTPD SITE EXEC/INDEX Format String Vulnerability

This module exploits a format string vulnerability in versions of the Washington University FTP server older than 2.6.1. By executing specially crafted SITE EXEC or SITE INDEX commands containing format specifiers, an attacker can corrupt memory and execute arbitrary code. This module requires...

wzdftpd unfiltered shell characters problem

popen unfiltered characters on SITE EXEC command...

Serv-U privilege escalation

With SITE EXEC command from local interface it's possible to execute any command with system privileges...

CVE-2000-0573

Summary (CVE-2000-0573) The vulnerability affects Wu-ftpd prior to 2.6.1, where the lreply/SITE EXEC (and SITE INDEX) path does not sanitize an untrusted format string. This allows remote attackers to execute arbitrary code (reported as root access) by sending crafted SITE EXEC/INDEX commands. Pu...

WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)

source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because ...

Format string input validation error in wu-ftpd site_exec() function

Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (2)

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite 2 // source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a...

WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (2)

// source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Becau...

WU-FTPD site_exec() Function Remote Format String

The version of WU-FTPD hosted on the remote server does not properly sanitize the argument of the SITE EXEC command. It may be possible for a remote attacker to gain root access. This script was written by Alexis de Bernis Changes by Tenable: - rely on the banner if we could not log in - changed...

Удаленный root через WU-FTPD

Классическое переполнение буфера в site exec...