CVE-2007-4221
https://notcve.org/view.php?id=CVE-2007-4221
Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name. Múltiples desbordamientos de búfer en Motorla Timbuktu Pro anterior a 8.6.5 para Windows permiten a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección mediante (1) un nombre de usuario largo y (2) determinadas peticiones mal formadas; y (3) permiten a servidores Timbuktu tener impacto desconocido mediante una respuesta HELLO mal formada, relacionado con el componente Scanner y posiblemente relacionado con un nombre de máquina mal formado. • ftp://ftp-xo.netopia.com/evaluation/docs/timbuktu/win/865/relnotes/TB2Win865Evalrn.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590 http://secunia.com/advisories/26588 http://www.securityfocus.com/bid/25454 http://www.securitytracker.com/id?1018614 http://www.vupen.com/english/advisories/2007/2990 https://exchange.xforce.ibmcloud.com/vulnerabilities/36280 https://exchange.xforce.ibmcloud.com/vulnerabilities/36281 https://exchange.xforce.ibmcloud.com/vulnerabilities/36282 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4220 – Motorola Timbuktu Pro 8.6.3.1367 - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-4220
Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services. Vulnerabilidad de salto de directorio en Motorola Timbuktu Pro anterior a 8.6.5 para Windows permite a atacantes remotos crear o borrar archivos de su elección mediante un .. (punto punto) en una petición Send (Enviar), probablemente relacionada con los servicios (1) Send (Envío) y (2) Exchange (Intercambio). • https://www.exploit-db.com/exploits/30532 ftp://ftp-xo.netopia.com/evaluation/docs/timbuktu/win/865/relnotes/TB2Win865Evalrn.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589 http://secunia.com/advisories/26588 http://www.securityfocus.com/bid/25453 http://www.securitytracker.com/id?1018614 http://www.vupen.com/english/advisories/2007/2990 https://exchange.xforce.ibmcloud.com/vulnerabilities/36273 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •