Lucene search

[email protected]CVE-2007-4756

HistorySep 08, 2007 - 1:17 a.m.

CVE-2007-4756

2007-09-0801:17:00

CWE-22

[email protected]

web.nvd.nist.gov

total commander

ftp client

directory traversal

vulnerability

code execution

nvd

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.3%

JSON

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "…" (dot dot backslash) sequences in a filename. NOTE: the "…" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CPENameOperatorVersion
ghisler:total_commanderghisler total commanderle7.01

CPE	Name	Operator	Version
ghisler:total_commander	ghisler total commander	le	7.01

References

blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt

osvdb.org/39838

secunia.com/advisories/26734

securityreason.com/securityalert/3106

www.ghisler.com/whatsnew.htm

www.securityfocus.com/archive/1/478720/100/0/threaded

www.securityfocus.com/bid/25581

www.securitytracker.com/id?1018662

www.vupen.com/english/advisories/2007/3102

exchange.xforce.ibmcloud.com/vulnerabilities/36486

exchange.xforce.ibmcloud.com/vulnerabilities/36487

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2007-4756

prion1 nessus1