CVE-2002-1522

PowerFTP 2.24 - Buffer Overflow via Long USER Argument


Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-1522. PoCs published by p0pt4rtz, subj, Morgan.

AI-analyzed exploit summary: The exploit describes a vulnerability in PowerFTP server where sending an excessively long username via the FTP 'USER' command causes the server to crash, resulting in a denial of service (DoS). The provided information is a writeup rather than functional exploit code.

Description

Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.

Exploits (3)

exploitdb WRITEUP VERIFIED
by p0pt4rtz · text · dos · windows
https://www.exploit-db.com/exploits/21909

The exploit describes a vulnerability in PowerFTP server where sending an excessively long username via the FTP 'USER' command causes the server to crash, resulting in a denial of service (DoS). The provided information is a writeup rather than functional exploit code.

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PowerFTP server (version not specified)
No auth needed
Prerequisites: Network access to the PowerFTP server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by subj · perl · dos · windows
https://www.exploit-db.com/exploits/21908

This exploit targets a stack overflow vulnerability in PowerFTP server by sending an excessively long username via the FTP 'USER' command, causing the server to crash. The PoC is written in Perl and demonstrates a denial-of-service (DoS) condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PowerFTP server (version not specified)
No auth needed
Prerequisites: Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Morgan · c · dos · windows
https://www.exploit-db.com/exploits/21907

This exploit targets a buffer overflow vulnerability in PowerFTP server by sending an excessively long username via the FTP 'USER' command, causing a denial of service (DoS). The code initializes a socket connection to the target IP and port 21, then sends a buffer filled with 'A' characters to trigger the crash.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PowerFTP server (all versions)
No auth needed
Prerequisites: Target IP address · Network connectivity to the target on port 21
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0075.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5899
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0194.html
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10286.php

Scores

EPSS 0.1363
EPSS Percentile 96.0%

Details

Status published
Products (4)
cooolsoft/powerftp 2.03
cooolsoft/powerftp 2.10
cooolsoft/powerftp 2.23
cooolsoft/powerftp 2.24
Published Apr 02, 2003
Tracked Since Feb 18, 2026