CVE-2006-3015

Опубликовано: 14 июн. 2006

Источник: nvd

CVSS2: 7.1

EPSS Средний

Описание

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
Broken Link
Exploit
http://secunia.com/advisories/20575
Broken Link
Vendor Advisory
http://winscp.net/eng/docs/history#3.8.2
Release Notes
http://www.kb.cert.org/vuls/id/912588
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/18384
Broken Link
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/2289
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075
Third Party Advisory
VDB Entry
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
Broken Link
Exploit
http://secunia.com/advisories/20575
Broken Link
Vendor Advisory
http://winscp.net/eng/docs/history#3.8.2
Release Notes
http://www.kb.cert.org/vuls/id/912588
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/18384
Broken Link
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/2289
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.1757

Средний

7.1 High

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-5wfx-x267-4p7r

github

почти 4 года назад