CVE-2009-4051

Home FTP Server 1.10.1.139 - Denial of Service via Invalid SITE INDEX Commands

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4051. PoCs published by zhangmc.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Home FTP Server 1.10.1.139 by sending multiple malformed 'SITE INDEX' commands with increasingly large payloads, causing the server to crash.

Description

Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by zhangmc · pythondoswindows

https://www.exploit-db.com/exploits/9852

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Home FTP Server 1.10.1.139 by sending multiple malformed 'SITE INDEX' commands with increasingly large payloads, causing the server to crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Home FTP Server 1.10.1.139

Auth required

Prerequisites: Network access to the FTP server · Valid FTP credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37033

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3269

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507893/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37381

Scores

EPSS 0.0621

EPSS Percentile 92.6%

Details

CWE

CWE-20

Status published

Products (1)

downstairs.dnsalias/home_ftp_server 1.10.1.139

Published Nov 23, 2009

Tracked Since Feb 18, 2026