CVE-2005-1806

PeerCast < 0.1211 - Remote Code Execution via Format String in URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1806. PoCs published by darkeagle, GulfTech Security.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in PeerCast <= 0.1211 to overwrite a GOT entry and redirect execution to shellcode that binds a shell on port 4444. The exploit constructs a malicious HTTP GET request with format specifiers to achieve arbitrary memory writes.

Description

Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.

Exploits (2)

exploitdb WORKING POC VERIFIED
by darkeagle · cremotelinux
https://www.exploit-db.com/exploits/1055

This exploit leverages a format string vulnerability in PeerCast <= 0.1211 to overwrite a GOT entry and redirect execution to shellcode that binds a shell on port 4444. The exploit constructs a malicious HTTP GET request with format specifiers to achieve arbitrary memory writes.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PeerCast <= 0.1211
No auth needed
Prerequisites: Network access to the target's PeerCast service on port 7144 · Target must be running a vulnerable version of PeerCast
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
by GulfTech Security · textdoswindows
https://www.exploit-db.com/exploits/43826

The document describes a format string vulnerability in Peercast <= 0.1211, which can be exploited via a malformed URL request to crash the server or execute arbitrary code. The example provided demonstrates a simple DoS by sending a request with a format string specifier.

Classification
Writeup 90%
Attack Type
Rce | Dos
Complexity
Trivial
Reliability
Reliable
Target: Peercast <= 0.1211
No auth needed
Prerequisites: Network access to the Peercast server · Peercast server running on default or known port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200506-15.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15753
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111746603629979&w=2
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00077-05282005
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0651
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15536
Patch, Vendor Advisory x_refsource_confirm
http://www.peercast.org/forum/viewtopic.php?p=11596

Scores

EPSS 0.1194
EPSS Percentile 95.6%

Details

Status published
Products (1)
peercast/peercast < 0.1211
Published May 28, 2005
Tracked Since Feb 18, 2026