CVE-2004-0340

WFTPD Pro Server 3.21 Release 1 and earlier - Stack-based Buffer Overflow via Long LIST NLST or STAT Commands

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0340. PoCs published by rdxaxl.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in WFTPD Server/Pro versions 3.21 and earlier. It uses a crafted LIST command with a malicious payload to achieve remote code execution on Windows XP SP1.

Description

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rdxaxl · cremotewindows
https://www.exploit-db.com/exploits/159

This exploit targets a buffer overflow vulnerability in WFTPD Server/Pro versions 3.21 and earlier. It uses a crafted LIST command with a malicious payload to achieve remote code execution on Windows XP SP1.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WFTPD Server/Pro (versions 3.21 and earlier)
No auth needed
Prerequisites: Network access to the vulnerable WFTPD server · Target running Windows XP SP1 (or similar OS with matching kernel32.dll addresses)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15340
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11001
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107801208004699&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9767

Scores

EPSS 0.0129
EPSS Percentile 66.6%

Details

Status published
Products (10)
texas_imperial_software/wftpd 3.0 (2 CPE variants)
texas_imperial_software/wftpd 3.0_0r3
texas_imperial_software/wftpd 3.0_0r4 (2 CPE variants)
texas_imperial_software/wftpd 3.0_0r5 (2 CPE variants)
texas_imperial_software/wftpd 3.10_r1
texas_imperial_software/wftpd 3.20
texas_imperial_software/wftpd 3.21
texas_imperial_software/wftpd pro_3.10_r1
texas_imperial_software/wftpd pro_3.20
texas_imperial_software/wftpd pro_3.21
Published Nov 23, 2004
Tracked Since Feb 18, 2026