CVE-2005-3081
published 2005-09-27

CVE-2005-3081: wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.

Priority: P354
Severity: medium, 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 76.60% (99.5th percentile)

Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wzdftpd | wzdftpd | | |

Detection & IOCs (extracted from sources)

command: `SITE <custom_site_cmd> | <cmd>;`
command: `SITE <sitecmd> |<cmd>;`
other: `220 wzd server ready`
  • Detect exploitation attempts by monitoring FTP SITE commands containing shell metacharacters (pipe `|` and semicolon `;`) sent to wzdftpd servers on port 21.
  • Identify vulnerable wzdftpd servers by matching the FTP banner string '220 wzd server ready' during reconnaissance or in network traffic.
  • Flag authenticated FTP sessions where a SITE command is immediately followed by a pipe character (`|`) and a semicolon-terminated string, indicating shell metacharacter injection.
  • Default credentials used by exploit: username 'guest', password '%' — alert on FTP logins using these credentials against wzdftpd servers.
  • Exploitation requires prior authentication to the FTP server; the vulnerability is only reachable by authenticated (including guest) users.
  • The exploit payload space is limited to 128 bytes, constraining the size of injected shell commands.
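
The detection points above can be combined into one pass over FTP control-channel logs. This is an added example, not a rule from the original page or from any vendor; the event tuple layout, session ids and alert names are assumptions, and the sample events are constructed.

```python
import re

# Indicators taken from the list above.
BANNER = "220 wzd server ready"
# SITE command followed by a pipe and a semicolon-terminated string.
SITE_INJECT = re.compile(r"^SITE\b[^|]*\|[^;]*;", re.IGNORECASE)

# Constructed sample events: (session id, "S" server / "C" client, line).
SAMPLE = [
    ("s1", "S", "220 wzd server ready"),
    ("s1", "C", "USER guest"),
    ("s1", "C", "PASS %"),
    ("s1", "C", "SITE EXAMPLE |echo test;"),
    ("s2", "S", "220 wzd server ready"),
    ("s2", "C", "USER alice"),
    ("s2", "C", "PASS correct-horse"),
    ("s2", "C", "SITE HELP"),
    ("s3", "S", "220 other ftp server ready"),
    ("s3", "C", "USER bob"),
    ("s3", "C", "SITE chmod 644 a|b.txt"),  # pipe but no ';' -> not flagged
]

def analyze(events):
    """Return (session, alert) tuples for the indicators listed above."""
    sessions, alerts = {}, []
    for sid, direction, line in events:
        st = sessions.setdefault(sid, {"wzd": False, "user": None})
        if direction == "S":
            # Remember whether this session talks to a wzdftpd banner.
            if line.startswith(BANNER):
                st["wzd"] = True
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            st["user"] = arg
        elif verb == "PASS" and st["user"] == "guest" and arg == "%":
            alerts.append((sid, "default-guest-login"))
        elif verb == "SITE" and SITE_INJECT.match(line):
            # Higher-confidence alert when the banner matched wzdftpd.
            name = "site-metachar-wzd" if st["wzd"] else "site-metachar"
            alerts.append((sid, name))
    return alerts

if __name__ == "__main__":
    for sid, alert in analyze(SAMPLE):
        print(sid, alert)
```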