SecPod Research Team member (Prabhu S Angadi) has found a Directory Traversal vulnerability in Ipswitch TFTP Server. The vulnerability is caused due to improper validation of ‘Read’ request containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks. POC : Download here. More information on the flaws can be […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Multiple Cross Site Scripting Vulnerabilities in GoAhead WebServer. The vulnerability is caused by improper validation of input to ‘name’ & ‘address’ parameters in /goform/formTest page. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Denial Of Service Vulnerability in Hillstone Software HS TFTP Server. The vulnerability is caused due to improper validation of WRITE/READ Request Parameter containing long file name. The flaw can be exploited to crash the service. POC : Download here. More information on the flaws can be […]

Read More →