QwikSec

Security Database

CVE

CWE

Training

CVE-2012-10023

Published: Aug 5, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Vendor	Product	Versions
FreeFloat	FTP Server	affected `*`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freefloatftp_user.rb

exploit

https://www.exploit-db.com/exploits/23243

exploit

https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cmd

third-party-advisory

https://www.exploit-db.com/exploits/15689

exploit

https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/

technical-description

exploit

https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/about-.php

product

https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.