Filtered by vendor Kiwi Enterprises Subscriptions
Filtered by product Kiwi Cattools Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-0889 1 Kiwi Enterprises 1 Kiwi Cattools 2018-10-16 N/A
Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.
CVE-2007-0888 1 Kiwi Enterprises 1 Kiwi Cattools 2018-10-16 N/A
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.