CVE-2008-1118

Timbuktu Pro <8.7 - Info Disclosure

Title source: llm

Description

Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · pythonremotewindows

https://www.exploit-db.com/exploits/5238

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/29316

[Third Party Advisory] http://securityreason.com/securityalert/3742

[Various Sources] http://www.coresecurity.com/?action=item&id=2166

[Exploit] http://www.securityfocus.com/bid/28081

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41330

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489414/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5238

Scores

EPSS 0.1082

EPSS Percentile 93.2%

Classification

CWE

CWE-20

Status draft

Affected Products (1)

netopia/timbuktu_pro

Timeline

Published Mar 14, 2008

Tracked Since Feb 18, 2026