CVE-2008-6829

VicFTPS 5.0 - Denial of Service via Malformed LIST Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6829. PoCs published by Alfons Luja, including Metasploit module auxiliary/dos/windows/ftp/vicftps50_list.

AI-analyzed exploit summary This exploit targets vicFTPS v5.0 by sending a malformed LIST command to trigger a remote denial-of-service (DoS). It establishes an FTP connection, logs in anonymously, and sends a crafted payload to crash the server.

Description

VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alfons Luja · cdoswindows
https://www.exploit-db.com/exploits/6834

This exploit targets vicFTPS v5.0 by sending a malformed LIST command to trigger a remote denial-of-service (DoS). It establishes an FTP connection, logs in anonymously, and sends a crafted payload to crash the server.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: vicFTPS v5.0
No auth needed
Prerequisites: Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb

This Metasploit module exploits a denial-of-service vulnerability in Victory FTP Server 5.0 by sending a malformed LIST command with specific bytes (0x2f, 0x5c). The exploit requires valid FTP credentials and crashes the service upon execution.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Victory FTP Server 5.0
Auth required
Prerequisites: Valid FTP credentials · Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6834
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2927

Scores

EPSS 0.7022
EPSS Percentile 98.7%

Details

CWE
CWE-20
Status published
Products (1)
vicftps/vicftps 5.0
Published Jun 08, 2009
Tracked Since Feb 18, 2026