Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tftp-server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-1952
Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and previous versions allows remote malicious users to read arbitrary files via "..." (triple dot) sequences in a GET request.
Winagents Tftp Server
5
CVSSv2
CVE-2006-0328
Format string vulnerability in Tftpd32 2.81 allows remote malicious users to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
Philippe Jounin Tftpd32 2.81
1 EDB exploit
10
CVSSv2
CVE-2005-1812
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote malicious users to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.
Futuresoft Tftp Server 2000 1.0.0.1
2 EDB exploits
7.8
CVSSv2
CVE-2005-1813
Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote malicious users to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences.
Futuresoft Tftp Server 2000 1.0.0.1
5
CVSSv2
CVE-2004-2432
WinAgents TFTP Server 3.0 allows remote malicious users to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow.
6.4
CVSSv2
CVE-2004-0952
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote malicious users to modify data or cause disk consumption.
Hp Hp-ux 11.11
Hp Hp-ux 11.22
Hp Hp-ux 11.00
Hp Hp-ux 11.23
7.5
CVSSv2
CVE-2004-0951
The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote malicious users to obtain sensitive information.
Hp Ignite-ux C.6.2.241
5
CVSSv2
CVE-2003-1264
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote malicious users to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without ...
D-link Di-614\\+ 2.0
Longshine Technologie Longshine Wireless Ethernet Access Point Lcs-883r-ac-b
5
CVSSv2
CVE-2002-1542
SolarWinds TFTP server 5.0.55 and previous versions allows remote malicious users to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.
Solarwinds Tftp Server 5.0.55 Standard
1 EDB exploit
7.5
CVSSv2
CVE-2002-1810
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote malicious users to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration inf...
Dlink Dwl-900ap\\+ Firmware 2.1
Dlink Dwl-900ap\\+ Firmware 2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »