CVE-2000-0647

WFTPD and WFTPD Pro 2.41 - Unauthenticated Denial of Service via MLST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0647. PoCs published by Blue Panda.

AI-analyzed exploit summary This exploit targets WFTPD/WFTPD Pro versions prior to 2.41 RC11 by sending an MLST command without authentication, causing a denial-of-service (DoS) condition. The script connects to the FTP server and sends the malicious command, which crashes the server if MLST is enabled.

Description

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Blue Panda · perldoswindows

https://www.exploit-db.com/exploits/20102

View Code ZIP pw:eip

This exploit targets WFTPD/WFTPD Pro versions prior to 2.41 RC11 by sending an MLST command without authentication, causing a denial-of-service (DoS) condition. The script connects to the FTP server and sends the malicious command, which crashes the server if MLST is enabled.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WFTPD/WFTPD Pro < 2.41 RC11

No auth needed

Prerequisites: MLST command must be enabled on the target FTP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1506

Scores

EPSS 0.0527

EPSS Percentile 91.5%

Details

Status published

Products (4)

texas_imperial_software/wftpd 2.4.1

texas_imperial_software/wftpd 2.4.1_rc11

texas_imperial_software/wftpd 2.34

texas_imperial_software/wftpd 2.40

Published Jul 21, 2000

Tracked Since Feb 18, 2026