CVE-2007-0019

Rumpus FTP Server < 5.1 - Authenticated Remote Code Execution via Long LIST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0019. PoCs published by MoAB.

AI-analyzed exploit summary This exploit demonstrates two vulnerabilities in Rumpus FTP Server: a heap buffer overflow via FTP LIST command and a local privilege escalation via PATH manipulation. The PoC includes shellcode and command injection techniques.

Description

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MoAB · rubylocalosx

https://www.exploit-db.com/exploits/3156

View Code ZIP pw:eip

This exploit demonstrates two vulnerabilities in Rumpus FTP Server: a heap buffer overflow via FTP LIST command and a local privilege escalation via PATH manipulation. The PoC includes shellcode and command injection techniques.

Classification

Working Poc 95%

Attack Type

Rce | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Rumpus FTP Server (version not specified)

Auth required

Prerequisites: Network access to FTP server · Valid FTP credentials (including anonymous) · Local access for privilege escalation

MITRE ATT&CK