In this Patch Tuesday, Microsoft released Seven Bulletins addressing a total of 66 vulnerabilities. The high priority fix is for Internet Explorer, which alone addresses 59 out of 66 vulnerabilities and it includes fix for 0-day CVE-2014-1770. Two are rated as Critical, addressing 61 vulnerabilities and five are rated as Important. Critical security updates addresses security […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found a Directory Traversal vulnerability in Ipswitch TFTP Server. The vulnerability is caused due to improper validation of ‘Read’ request containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks. POC : Download here. More information on the flaws can be […]

Read More →

SecPod Research Team member (Antu Sanadi) has found a Directory Traversal vulnerability in CiscoKits CCNA TFTP Server. The vulnerability is caused due to improper validation of ‘Read’ request containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks. POC : Download here. More information on the flaws can be found here. […]

Read More →

SecPod Research Team member (Veerendra G.G) has found a Directory Traversal Vulnerability in Avaya IP Office Manager TFTP Server. The vulnerability is caused due to improper validation of TFTP READ requests containing ‘../’ sequences, which allows attackers to read arbitrary files via directory traversal attacks and gain sensitive information. POC : Download here. Packet Capture : Download […]

Read More →