Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tftpd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-1681
A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote malicious user to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to impro...
Cisco Ios Xr
NA
CVE-2013-6809
Format string vulnerability in the client in Tftpd32 prior to 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
Philippe Jounin Tftpd32 3.50
Philippe Jounin Tftpd32 3.35
Philippe Jounin Tftpd32 3.26
Philippe Jounin Tftpd32 2.54
Philippe Jounin Tftpd32 3.00
Philippe Jounin Tftpd32 2.84
Philippe Jounin Tftpd32 2.72
Philippe Jounin Tftpd32 2.71
Philippe Jounin Tftpd32 2.21
Philippe Jounin Tftpd32 2.11
Philippe Jounin Tftpd32 2.2
Philippe Jounin Tftpd32
Philippe Jounin Tftpd32 3.51
Philippe Jounin Tftpd32 3.28
Philippe Jounin Tftpd32 3.27
Philippe Jounin Tftpd32 3.02
Philippe Jounin Tftpd32 3.01
Philippe Jounin Tftpd32 2.74
Philippe Jounin Tftpd32 2.73
Philippe Jounin Tftpd32 2.52
Philippe Jounin Tftpd32 2.51
Philippe Jounin Tftpd32 3.31
NA
CVE-2013-0145
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
Vercot Serva32 2.1.0
1 EDB exploit
NA
CVE-2010-4323
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and previous versions versions, allows remote malicious users to execute arbitrary code via a long TFTP request.
Novell Zenworks Configuration Manager 10.3.2
Novell Zenworks Configuration Manager
Novell Zenworks Configuration Manager 10.3.1
1 EDB exploit
NA
CVE-2005-4882
tftpd in Philippe Jounin Tftpd32 2.74 and previous versions, as used in Wyse Simple Imager (WSI) and other products, allows remote malicious users to cause a denial of service (daemon crash) via a long filename in a TFTP read (aka RRQ or get) request, a different vulnerability th...
Philippe Jounin Tftpd32 2.73
Philippe Jounin Tftpd32 2.72
Philippe Jounin Tftpd32 2.53
Philippe Jounin Tftpd32 2.52
Philippe Jounin Tftpd32 2.51
Philippe Jounin Tftpd32 2.5
Philippe Jounin Tftpd32 2.70
Philippe Jounin Tftpd32 2.60
Philippe Jounin Tftpd32 2.62
Philippe Jounin Tftpd32 2.54
Philippe Jounin Tftpd32
NA
CVE-2008-1403
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and previous versions in BootManage Administrator 7.1 and previous versions allows remote malicious users to execute arbitrary code via a request with a long filename.
Bootmanage Tftpd
Bootmanage Administrator
1 EDB exploit
NA
CVE-2008-1311
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and previous versions allows remote malicious users to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (l...
Packettrap Pt360 Tool Suite Pro
1 EDB exploit
NA
CVE-2007-4687
The remote_cmds component in Apple Mac OS X 10.4 up to and including 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
Apple Mac Os X 10.4.7
Apple Mac Os X 10.4.8
Apple Mac Os X Server 10.4.5
Apple Mac Os X Server 10.4.6
Apple Mac Os X 10.4.2
Apple Mac Os X 10.4.3
Apple Mac Os X 10.4.4
Apple Mac Os X Server 10.4.10
Apple Mac Os X Server 10.4.2
Apple Mac Os X Server 10.4.9
Apple Mac Os X 10.4.5
Apple Mac Os X 10.4.6
Apple Mac Os X Server 10.4.3
Apple Mac Os X Server 10.4.4
Apple Mac Os X 10.4.1
Apple Mac Os X 10.4.10
Apple Mac Os X 10.4.9
Apple Mac Os X Server 10.4.1
Apple Mac Os X Server 10.4.7
Apple Mac Os X Server 10.4.8
NA
CVE-2007-2343
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote malicious users to execute arbitrary code via crafted request packets that contain long file names.
Enterasys Netsight Console
Enterasys Netsight Inventory Manager
NA
CVE-2006-0328
Format string vulnerability in Tftpd32 2.81 allows remote malicious users to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
Philippe Jounin Tftpd32 2.81
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »