[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3015Date: (C)2006-06-14   (M)2024-02-22


Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 4.9
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: NONE
  
Reference:
BID-18384
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
SECUNIA-20575
ADV-2006-2289
VU#912588
http://winscp.net/eng/docs/history#3.8.2
winscp-uri-handler-command-execution(27075)

CWE    1
CWE-88

© SecPod Technologies