CVE-1999-0080
published 1995-11-30CVE-1999-0080: Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote…
PriorityP434critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
3.90%
88.9th percentile
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| washington_university | wu-ftpd | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
wu-ftpd 2.4 site exec Command privileges management (Nessus ID 10090 / ID 27006)
vuldb·2026-04-16·CVSS 10.0
CVE-1999-0080 [CRITICAL] wu-ftpd 2.4 site exec Command privileges management (Nessus ID 10090 / ID 27006)
A vulnerability categorized as critical has been discovered in wu-ftpd 2.4. This affects an unknown function of the component site exec Command. Executing a manipulation can lead to improper privilege management.
The identification of this vulnerability is CVE-1999-0080. The attack may be launched remotely. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-92v4-w84x-g8q7: Certain configurations of wu-ftp FTP server 2
ghsa_unreviewed·2022-04-30
CVE-1999-0080 [HIGH] GHSA-92v4-w84x-g8q7: Certain configurations of wu-ftp FTP server 2
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
Suricata
GPL FTP SITE EXEC attempt
suricata·2010-09-23
CVE-1999-0080 GPL FTP SITE EXEC attempt
GPL FTP SITE EXEC attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE EXEC attempt"; flow:established,to_server; content:"SITE"; nocase; content:"EXEC"; distance:0; nocase; pcre:"/^SITE\s+EXEC/smi"; reference:arachnids,317; reference:bugtraq,2241; reference:cve,1999-0080; reference:cve,1999-0955; classtype:bad-unknown; sid:2100361; rev:18; metadata:created_at 2010_09_23, cve CVE_1999_0080, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
1995-11-30
Published