30 matches found
CVE-2025-67041
CVE-2025-67041 affects Lantronix EDS3000PS (3.1.0.0R2). The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized, enabling an attacker to escape the original command and execute arbitrary commands with root privileges. The vulnerability is rated CVSS v3.1 bas...
EUVD-2004-1479
Malware in sbrugna...
EUVD-2021-21678
Malware in sbrugna...
EUVD-2021-29715
Malicious code in bioql PyPI...
Fortinet Fortigate Buffer overflow in TFTP client library of CLI (FG-IR-21-173)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-173 advisory. - A buffer overflow CWE-121 in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an...
Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2022-08470)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security vulnerability exists i...
ZyXEL GS1900 Access Control Error Vulnerability
ZyXEL GS1900 is a managed switch from Zyxel of Taiwan, China. An access control error vulnerability exists in multiple Zyxel products; it stems from the products' TFTP client not applying privilege controls to the functions that can execute system commands. The vulnerability can be exploited ...
CVE-2021-35031
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...
Design/Logic Flaw
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...
CVE-2021-35031
The CVE-2021-35031 issue affects Zyxel GS1900 series firmware and XGS1210/XGS1250 series firmware, where the TFTP client component does not enforce privilege controls for functions that can run system commands. This enables an authenticated LAN user to execute arbitrary OS commands via the device...
Buffer overflow
A buffer overflow CWE-121 in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...
CVE-2021-42757
FortiOS contains a buffer overflow (CWE-121) in the TFTP client library. CVE-2021-42757 affects FortiOS versions prior to 6.4.7 and 7.0.0–7.0.2, enabling a locally authenticated attacker to execute arbitrary code via crafted CLI arguments. The vulnerability is documented in Fortinet’s FG-IR-21-17...
Protect
A buffer overflow CWE-121 in the TFTP client library of FortiOS, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...
atftp code issue vulnerability
atftp is a client implementation of the TFTP protocol. A security vulnerability exists in atftp version 0.7.1. An attacker can exploit this vulnerability to cause a denial of service...
atftp Buffer Overflow Vulnerability
atftp is a client implementation of the TFTP protocol. A buffer overflow vulnerability exists in atftp version 0.7.1. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow #!/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow Exploit
Exploit for Windows platform in category dos / poc #!/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...
Symantec Altiris DS SQL Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Symantec Altiris DS SQL Injection Vulnerability
Usage Info This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injection...
Design/Logic Flaw
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors...