Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| windows_tftp_utility | tftputil | 1.2.0 |
| windows_tftp_utility | tftputil | 1.3.0 |
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| windows_tftp_utility | tftputil | 1.2.0 |
| windows_tftp_utility | tftputil | 1.3.0 |