Description
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
https://www.exploit-db.com/exploits/23740
References (5)
Scores
EPSS
0.1029
EPSS Percentile
93.2%
Details
Status
published
Products (7)
samhain_labs/hsftp
1.4
samhain_labs/hsftp
1.5
samhain_labs/hsftp
1.6
samhain_labs/hsftp
1.7
samhain_labs/hsftp
1.9
samhain_labs/hsftp
1.10
samhain_labs/hsftp
1.11
Published
Mar 15, 2004
Tracked Since
Feb 18, 2026