Netopia Timbuktu Pro vulnerabilities
6 known vulnerabilities affecting netopia/timbuktu_pro.
Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2008-1117P2CRITICALCVSS 10.0PoCv8.6.52008-03-14
CVE-2008-1117 [CRITICAL] CVE-2008-1117: Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2f
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leve
nvd
CVE-2008-1118P3HIGHCVSS 7.5PoCv8.6.52008-03-14
CVE-2008-1118 [HIGH] CWE-20 CVE-2008-1118: Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation bef
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
nvd
CVE-2000-0142P4MEDIUMCVSS 5.0PoCv2.0v5.2.12000-02-11
CVE-2000-0142 [MEDIUM] CVE-2000-0142: The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of ser
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
nvd
CVE-2002-0135P4MEDIUMCVSS 5.0PoC≤ 6.0.12002-03-25
CVE-2002-0135 [MEDIUM] CVE-2002-0135: Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash)
Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420).
nvd
CVE-2008-1337P4MEDIUMCVSS 5.0v8.6.52008-03-14
CVE-2008-1337 [MEDIUM] CWE-20 CVE-2008-1337: The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attac
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.
nvd
CVE-2000-0086P4MEDIUMCVSS 5.0v2.0v3.02000-01-18
CVE-2000-0086 [MEDIUM] CVE-2000-0086: Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obt
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
nvd