CVE-2010-20115
Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contain a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is limited to a single execution attempt if the daemon is installed as a Windows service.
| CWE | CWE-787, CWE-704 |
| Vendor | arcane software |
| Product | vermillion ftp daemon |
| Published | Aug 21, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Arcane Software / Vermillion FTP Daemon
* ≤ 1.31
References
* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
* exploit-db.com: https://www.exploit-db.com/exploits/11293
* broadcom.com: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
* juniper.net: https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
* web.archive.org: https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
* web.archive.org: https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
* vulncheck.com: https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption
Credits
x4lt of Global-Evolution Security Group