CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6184

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile28.23th
PublishedDec 1, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.

Affected Platforms (CPE)

πŸ“¦
Alliedtelesyn

At Tftp

<= 1.9

References & Advisories

πŸ”— http://secunia.com/advisories/23106
πŸ”— http://securityreason.com/securityalert/1929
πŸ”— http://securityreason.com/securityalert/8120
πŸ”— http://www.exploit-db.com/exploits/16350
πŸ”— http://www.exploit-db.com/exploits/24952
πŸ”— http://www.osvdb.org/11350
πŸ”— http://www.securityfocus.com/archive/1/452743/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/21320

Related Vulnerabilities

CVE-2002-039510.0

The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the ...

CVE-2004-163610.0

Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers ...

CVE-1999-049810.0

TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.

CVE-2005-181210.0

Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbit...