cpe:/a:x-diesel:unreal_commander:0.92_build565 cpe:/a:x-diesel:unreal_commander:0.92_build573 CVE-2007-4843 2007-09-12T16:17:00.000-04:00 2008-11-15T01:58:45.127-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2007-09-13T15:57:00.000-04:00 BUGTRAQ 20070906 [HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities BID 25583 SECUNIA 26739 SREASON 3125 OSVDB 39615 MISC http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.