CVE-2004-2367

WFTPD and WFTPD Pro 3.21 R1 and R2 - Authenticated Denial of Service via Long FTP Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2367. PoCs published by Beyond Security.

AI-analyzed exploit summary This Perl script exploits a denial-of-service vulnerability in WFTPD FTP Server version 3.21.1 by sending an FTP LIST command with an excessively long parameter (260 'A' characters), causing the server GUI to crash or become unstable.

Description

The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Beyond Security · perldoswindows
https://www.exploit-db.com/exploits/23842

This Perl script exploits a denial-of-service vulnerability in WFTPD FTP Server version 3.21.1 by sending an FTP LIST command with an excessively long parameter (260 'A' characters), causing the server GUI to crash or become unstable.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: WFTPD FTP Server 3.21.1
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
http://www.wftpd.com/bug_gpf.htm
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11160/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15510
Exploit, Vendor Advisory x_refsource_misc
http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9908

Scores

EPSS 0.0310
EPSS Percentile 86.1%

Details

Status published
Published Dec 31, 2004
Tracked Since Feb 18, 2026