The 2012 Pwnie Nominee For Best Server-Side Bug

ProFTPD Response Pool Use-after-Free (CVE-2011-4130)

Credit: Anonymous

Wait, use-after-free bugs exist outside of web browsers? Shame on them for trying to monopolize that bug class. Anyway, this post-auth use-after-free gets you remote code execution on ProFTPD. And that’s what dreams are made of. Well, that and puppy tears. Ours are, anyway.
