Vulnerabilities > Netopia > Timbuktu PRO > 8.6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-14 | CVE-2008-1337 | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | 5.0 |
| 2008-03-14 | CVE-2008-1118 | Improper Input Validation vulnerability in Netopia Timbuktu PRO 8.6.5 Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | 7.5 |
| 2008-03-14 | CVE-2008-1117 | Path Traversal vulnerability in Netopia Timbuktu PRO 8.6.5 Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. | 10.0 |