CVE-2006-5826

WFTPD Pro Server 3.23.1.1 - Authenticated Buffer Overflow via APPE Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5826. PoCs published by Joxean Koret.

AI-analyzed exploit summary This exploit targets a buffer overflow in WFTPD Pro Server 3.23.1.1 via the APPE command, causing a denial-of-service (DoS). The PoC includes shellcode but is noted as only achieving DoS in its current form.

Description

Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Joxean Koret · pythondoswindows

https://www.exploit-db.com/exploits/2734

View Code ZIP pw:eip

This exploit targets a buffer overflow in WFTPD Pro Server 3.23.1.1 via the APPE command, causing a denial-of-service (DoS). The PoC includes shellcode but is noted as only achieving DoS in its current form.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WFTPD Pro Server 3.23.1.1

No auth needed

Prerequisites: Network access to the FTP server · FTP service running on target

MITRE ATT&CK