CVE-2006-4318

WFTPD Server 3.23 - Remote Code Execution via Long SIZE Command


Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-4318. PoCs were published by Metasploit and h07, including the Metasploit module exploits/windows/ftp/wftpd_size.

AI-analyzed exploit summary: This exploit targets a buffer overflow in the SIZE verb of Texas Imperial Software WFTPD 3.23. It sends a maliciously crafted SIZE command to trigger the overflow and execute arbitrary code.

Description

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16741

This exploit targets a buffer overflow in the SIZE verb of Texas Imperial Software WFTPD 3.23. It sends a maliciously crafted SIZE command to trigger the overflow and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Texas Imperial Software WFTPD 3.23
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by h07 · c · remote · windows
https://www.exploit-db.com/exploits/2233

This exploit targets a buffer overflow vulnerability in WFTPD server 3.23 via the SIZE command. It sends a crafted buffer with shellcode to achieve remote code execution, establishing a reverse shell to the attacker's specified IP and port.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WFTPD server 3.23
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication · Target system must be running a vulnerable version of WFTPD
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/wftpd_size.rb

This Metasploit module exploits a buffer overflow in the SIZE verb of Texas Imperial Software WFTPD 3.23. It sends a maliciously crafted SIZE command to trigger a stack-based overflow, leading to remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Texas Imperial Software WFTPD 3.23
Auth required
Prerequisites: Network access to the target FTP server · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0608-exploits/wftpd_exp.c
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21547
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3357
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28523
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2233
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016723
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19617
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28134

Scores

EPSS 0.6232
EPSS Percentile 99.1%

Details

Status published
Products (1)
texas_imperial_software/wftpd 3.23
Published Aug 24, 2006
Tracked Since Feb 18, 2026