Primary

Context

PCMan FTP Server Buffer Overflow Vulnerability in 'pwd' Command Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0. The issue arises in the 'pwd' command, where remote attackers can execute arbitrary code by sending a specially crafted payload during the FTP login process. This payload overwrites memory and could potentially lead to system access.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

The vulnerability can be reproduced by connecting to the FTP server and logging in with a username and password. After logging in, the 'pwd' command can be issued with a payload that exploits the buffer overflow vulnerability. The exploit can be crafted using tools like msfvenom to generate a payload that, when sent as part of the 'pwd' command, overwrites memory and executes arbitrary code.

Added: Dec 12, 2025, 8:25 PM

Updated: Dec 12, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

9.7

remediation

0.0

relevance

1.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

9.7

remediation

0.0

relevance

1.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PCMan FTP Server Buffer Overflow Vulnerability in 'pwd' Command Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

PCMan FTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating