CVE-2006-6564

FileZilla Server <0.9.22 - DoS

Title source: llm

Description

FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · phpdoswindows

https://www.exploit-db.com/exploits/2901

View Code ZIP pw:eip

exploitdb WORKING POC

phpdoswindows

https://www.exploit-db.com/exploits/2914

View on exploitdb

References (4)

[Product] http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558

[Various Sources] http://retrogod.altervista.org/filezilla_0921_dos.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30853

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4937

Scores

EPSS 0.0733

EPSS Percentile 91.5%

Classification

Status draft

Affected Products (1)

filezilla/filezilla < 0.9.21

Timeline

Published Dec 15, 2006

Tracked Since Feb 18, 2026