Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown

CVE-2023-29930

Disclosure Date: May 10, 2023 (last updated October 08, 2023)
An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-26130

Disclosure Date: October 28, 2020 (last updated February 22, 2025)
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-12567

Disclosure Date: December 23, 2019 (last updated November 27, 2024)
Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-10387

Disclosure Date: December 23, 2019 (last updated November 27, 2024)
Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-10388

Disclosure Date: December 23, 2019 (last updated November 27, 2024)
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-12568

Disclosure Date: September 11, 2019 (last updated November 27, 2024)
Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-10389

Disclosure Date: April 02, 2018 (last updated November 27, 2024)
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2011-4722

Disclosure Date: December 28, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
0
0
Attacker Value
Unknown

CVE-2011-4720

Disclosure Date: December 28, 2014 (last updated October 05, 2023)
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
0
0
Attacker Value
Unknown

CVE-2010-2310

Disclosure Date: June 16, 2010 (last updated October 04, 2023)
SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.
0
0
View More Topics  Next >