wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
| Software | From | Fixed in |
|---|---|---|
| washington_university / wu-ftpd | 2.5.0 | 2.5.0.x |
| washington_university / wu-ftpd | 2.6.0 | 2.6.0.x |
| washington_university / wu-ftpd | 2.6.1 | 2.6.1.x |
| david_madore / ftpd-bsd | 0.3.2 | 0.3.2.x |
| david_madore / ftpd-bsd | 0.3.3 | 0.3.3.x |