CVE-2009-3545

DataWizard Technologies FtpXQ FTP Server 3.0 - Authenticated Denial of Service via Long ABOR Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3545. PoCs published by PLATEN.

AI-analyzed exploit summary This exploit triggers a denial of service (DoS) in FtpXQ FTP Server 3.0 by sending an oversized buffer (6300 bytes) via the ABOR command after authentication. The exploit establishes a connection, logs in, and sends the malicious payload to crash the server.

Description

DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by PLATEN · pythondoswindows

https://www.exploit-db.com/exploits/9664

View Code ZIP pw:eip

This exploit triggers a denial of service (DoS) in FtpXQ FTP Server 3.0 by sending an oversized buffer (6300 bytes) via the ABOR command after authentication. The exploit establishes a connection, logs in, and sends the malicious payload to crash the server.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FtpXQ FTP Server 3.0

Auth required

Prerequisites: network access to the FTP server · valid FTP credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2655

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36391

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9664

Scores

EPSS 0.0219

EPSS Percentile 80.1%

Details

CWE

CWE-20

Status published

Products (1)

datawizard/ftpxq_server 3.0

Published Oct 05, 2009

Tracked Since Feb 18, 2026