CVE-2008-4136

Michael Roth Software Pftp - Improper Input Validation

Title source: rule

Description

Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shinnok · cdoswindows

https://www.exploit-db.com/exploits/6458

View Code ZIP pw:eip

References (6)

[Various Sources] http://shinnok.evonet.ro/vulns_html/pftp.html

[Exploit] http://www.securityfocus.com/bid/31173

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45129

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6458

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020897

[Third Party Advisory] http://secunia.com/advisories/31852

Scores

EPSS 0.1146

EPSS Percentile 93.6%

Details

CWE

CWE-20

Status published

Products (1)

michael_roth_software/pftp 6.0f

Published Sep 24, 2008

Tracked Since Feb 18, 2026