CVE-2000-0523

EServ 2.9.2 - Buffer Overflow via MKD Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0523. PoCs published by Wizdumb.

AI-analyzed exploit summary This Java-based PoC exploits a heap buffer overflow in EType EServ's FTP server by sending an overly long MKD command argument. The vulnerability allows remote code execution due to improper bounds checking in the logging mechanism.

Description

Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Wizdumb · javaremotewindows

https://www.exploit-db.com/exploits/19997

View Code ZIP pw:eip

This Java-based PoC exploits a heap buffer overflow in EType EServ's FTP server by sending an overly long MKD command argument. The vulnerability allows remote code execution due to improper bounds checking in the logging mechanism.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EType EServ <= 2.9.2

Auth required

Prerequisites: Network access to the FTP server (port 21) · Valid or anonymous FTP credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/4614

Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1315

Scores

EPSS 0.0501

EPSS Percentile 91.1%

Details

Status published

Products (1)

etype/eserv 2.9.2

Published Jun 06, 2000

Tracked Since Feb 18, 2026