Vulnerability Details : CVE-2013-4730
Public exploit exists!
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-4730
76.97%
Probability of exploitation activity in the next 30 days
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-4730
- PCMAN FTP Server Buffer Overflow - PUT Command
  Disclosure Date: 2015-08-07
  First seen: 2020-04-26
  exploit/windows/ftp/pcman_put
  This module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP v2.0.7 Server. This requires authentication but by default anonymous credentials are enabled.
  Authors: Jay Turla, Chris Higgins
- PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
  Disclosure Date: 2013-06-27
  First seen: 2020-04-26
  exploit/windows/ftp/pcman_stor
  This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing
CVSS scores for CVE-2013-4730
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2013-4730
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4730
- http://infosec42.blogspot.com/2013/06/unauthenticated-pcman-ftp-207-buffer.html
  Hak42 InfoSec: [Exploit] Unauthenticated PCMan FTP 2.0.7 Buffer Overflow (Exploit)
- http://www.exploit-db.com/exploits/26471
  PCMan FTP Server 2.0.7 - Remote Buffer Overflow - Windows remote Exploit (Exploit)
- http://www.securityfocus.com/bid/60837
  PCMan's FTP Server 'USER' Command Buffer Overflow Vulnerability
Products affected by CVE-2013-4730
- cpe:2.3:a:pcman\'s_ftp_server_project:pcman\'s_ftp_server:2.0.7:*:*:*:*:*:*:*