CVE-2009-5141

Jgaa Warftpd - Format String Vulnerability

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-5141. PoCs published by corelanc0d3r.

AI-analyzed exploit summary This exploit targets a format string vulnerability in War FTP Daemon 1.82 RC 12 via the LIST command, causing a remote DoS. It sends a crafted payload with repeated format specifiers to trigger an access violation.

Description

Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by corelanc0d3r · pythondoswindows
https://www.exploit-db.com/exploits/9622

This exploit targets a format string vulnerability in War FTP Daemon 1.82 RC 12 via the LIST command, causing a remote DoS. It sends a crafted payload with repeated format specifiers to trigger an access violation.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Jgaa's War FTP Daemon 1.82 RC 12
Auth required
Prerequisites: Anonymous FTP access enabled · Network connectivity to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/62599
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9622
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html

Scores

EPSS 0.0279
EPSS Percentile 84.5%

Details

CWE
CWE-134
Status published
Products (1)
jgaa/warftpd 1.8.2 rc12
Published Apr 01, 2014
Tracked Since Feb 18, 2026