Yatftpsvr

Author: t | 2025-04-24


Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability
Software : YaTFTPSvr TFTP Server
Software Version : 1.
Vendor:


Build 237 is vulnerable and other versions may also be affected.
Ref:

CVE: Not Available
Platform: Third Party Windows Apps
Title: YaTFTPSvr TFTP Server Directory Traversal
Description: YaTFTPSvr is a TFTP server for various Microsoft Windows platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied filenames. YaTFTPSvr 1.0.1.200 is vulnerable and other versions may also be affected.
Ref:

CVE: Not Available
Platform: Third Party Windows Apps
Title: NJStar Communicator MiniSMTP Server Remote Stack Buffer Overflow
Description: NJStar Communicator is a web-based communication application. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. A specially crafted packet can be used to trigger this vulnerability. NJStar Communicator 3.00 is vulnerable and other versions may also be affected.
Ref:

CVE: CVE-2011-1918
Platform: Third Party Windows Apps
Title: GE Proficy Historian Data Archiver Service Remote Buffer Overflow
Description: Proficy Historian is a data historian application that collects, archives and distributes production information. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. Proficy Historian version 4.0 and prior, Proficy HMI/SCADA CIMPLICITY version 8.1 (If Historian is installed), Proficy HMI/SCADA iFix version 5.0 and 5.1 (If Historian is installed) are affected.
Ref:

CVE: CVE-2011-4073
Platform: Linux
Title: Openswan Cryptographic Helper Use After Free Remote Denial Of Service
Description: Openswan is an implementation of IPsec for Linux. Openswan is exposed to a remote denial of service issue because of a use-after-free error related to the cryptographic helper handler. This issue occurs when handling a specially crafted ISAKMP phase 1 authentication packet. This issue occurs only when Openswan is configured with “nhelpers=0”. Openswan 2.3.0 to 2.6.36 are affected.
Ref:

CVE: CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3218, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
Platform: Cross Platform
Title: Apple QuickTime Multiple Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to multiple security issues. See reference for detailed information. Versions prior to QuickTime 7.7.1 are vulnerable on Windows 7, Vista and XP.
Ref:

CVE: CVE-2011-1370
Platform: Cross Platform
Title: IBM Lotus Sametime Configuration Servlet Authentication Security Bypass
Description: IBM Lotus Sametime is a real time web conferencing application. The application is exposed to a security bypass issue. This issue occurs because the configuration

Vol. 11, Num. 45

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

Summary of Updates and Vulnerabilities in this Consensus

Platform | Number of Updates and Vulnerabilities
--- | ---
Windows | 1 (#1)
Other Microsoft Products | 1
Third Party Windows Apps | 8
Linux | 1
Cross Platform | 9 (#2,#3,#4)
Web Application - Cross Site Scripting | 1
Web Application - SQL Injection | 1
Web Application | 3
Network Device | 1
Hardware | 1

Widely Deployed Software

(1) HIGH: Microsoft Windows Kernel 0-Day Vulnerability
(2) MEDIUM: Apple QuickTime Multiple Vulnerabilities
(3) MEDIUM: Adobe Reader Multiple Security Vulnerabilities
(4) MEDIUM: Novell iPrint Client nipplib.dll Buffer Overflow

Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows
11.45.1 - Microsoft Windows Kernel Word File Handling Remote Code Execution

Other Microsoft Products
11.45.2 - Microsoft Outlook Web Access Session Replay Security Bypass

Third Party Windows Apps
11.45.3 - Novell iPrint Client “nipplib.dll” Remote Code Execution
11.45.4 - Novell ZENworks Handheld Management “Common.dll” Directory Traversal
11.45.5 - Winamp Multiple Remote Vulnerabilities
11.45.6 - FFFTP Insecure Executable File Loading Arbitrary Code Execution
11.45.7 - GFI Faxmaker Divide-By-Zero Denial of Service
11.45.8 - YaTFTPSvr TFTP Server Directory Traversal
11.45.9 - NJStar Communicator MiniSMTP Server Remote Stack Buffer Overflow
11.45.10 - GE Proficy Historian Data Archiver Service Remote Buffer Overflow

Linux
11.45.11 - Openswan Cryptographic Helper Use After Free Remote Denial Of Service

Cross Platform
11.45.12 - Apple QuickTime Multiple Vulnerabilities
11.45.13 - IBM Lotus Sametime Configuration Servlet Authentication Security Bypass
11.45.14 - Tor Directory Remote Information Disclosure Vulnerability Bridge Enumeration Weaknesses
11.45.15 - Opera Web Browser Escape Sequence Stack Buffer Overflow Denial of Service
11.45.16 - net6 Session Hijacking and Information Disclosure Vulnerabilities
11.45.17 - Novell Messenger Server Memory Information Disclosure
11.45.18 - Squid Proxy Caching Server CNAME Denial of Service
11.45.19 - IBM WebSphere MQ CCDT File Local Privilege Escalation
11.45.20 - HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities

Web Application - Cross Site Scripting
11.45.21 - BackupPC “index.cgi” Cross-Site Scripting

Web Application - SQL Injection
11.45.22 - SjXjV “post.php” SQL Injection

Web Application
11.45.23 - IBM HTTP Server Multiple Cross-Site Scripting Vulnerabilities
11.45.24 - IBM WebSphere ILOG Rule Team Server Unspecified Cross-Site Scripting
11.45.25 - eFront Multiple Security Vulnerabilities

Network Device
11.45.26 - D-Link DIR-300 Unspecified Remote Code Execution and Remote File
