Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tftp server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote malicious users to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated b...
Spiceworks Spiceworks 7.5
1 EDB exploit
10
CVSSv2
CVE-2007-0888
Directory traversal vulnerability in the TFTP server in Kiwi CatTools prior to 3.2.0 beta allows remote malicious users to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Kiwi Enterprises Kiwi Cattools
1 EDB exploit
7.5
CVSSv2
CVE-2018-15379
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote malicious user to upload an arbitrary file. This file could allow the malicious user to execute commands at the privilege...
Cisco Prime Infrastructure 3.4\\(0.0\\)
Cisco Prime Infrastructure 3.5\\(0.0\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.2\\(2.0\\)
Cisco Prime Infrastructure 3.2
Cisco Prime Infrastructure 3.3
Cisco Prime Infrastructure 3.4
Cisco Prime Infrastructure 3.2\\(1.0\\)
Cisco Prime Infrastructure 3.3\\(0.0\\)
1 EDB exploit
10
CVSSv2
CVE-2006-3498
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote malicious users to execute arbitrary code via a crafted BOOTP request.
Apple Mac Os X 10.3.9
Apple Mac Os X 10.4.7
Apple Mac Os X Server 10.3.9
Apple Mac Os X Server 10.4.7
7.1
CVSSv2
CVE-2013-6704
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote malicious users to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Cisco Ios Xe -
7.5
CVSSv2
CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Haxx Curl
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.0
Opensuse Leap 15.1
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Unified Manager
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Oracle Http Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Oss Support Tools 20.0
Oracle Http Server 12.2.1.4.0
Oracle Communications Operations Monitor 4.2
Oracle Communications Operations Monitor 4.1
Oracle Communications Operations Monitor 4.3
NA
CVE-2022-47505
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
Solarwinds Orion Platform
4.6
CVSSv2
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 up to and including 7.64.1.
Haxx Libcurl
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Debian Debian Linux 10.0
F5 Traffix Signaling Delivery Controller
Netapp Steelstore Cloud Integrated Storage -
Netapp Solidfire -
Netapp Hci Management Node -
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Mysql Server
Oracle Oss Support Tools 20.0
4.3
CVSSv2
CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and previous versions allows remote malicious users to read arbitrary files via directory traversal sequences to the TFTP service.
Acronis Snap Deploy 2.0.0.1076
1 EDB exploit
5
CVSSv2
CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and previous versions allows remote malicious users to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Acronis Snap Deploy 2.0.0.1076
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »