QwikSec

Security Database

CVE

CWE

Training

CVE-2010-20007

Published: Aug 21, 2025

Modified: May 15, 2026

PUBLISHED

Description

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.

Vendor	Product	Versions
Rocket Software	Seagull FTP Client	affected `0 - <= 3.3 Build 409`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb

exploit

https://www.exploit-db.com/exploits/16705

exploit

https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/

technical-description

exploit

https://web.archive.org/web/20120102094617/http://bluezone.rocketsoftware.com/products/secure-managed-file-transfer/bz-secure-ftp/at-a-glance

product

https://www3.rocketsoftware.com/bluezone/help/v34/sftp/sftp.htm

product

https://www.vulncheck.com/advisories/seagull-ftp-stack-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.