Lucene search

PRIOn knowledge basePRION:CVE-2007-4756

HistorySep 08, 2007 - 1:17 a.m.

Directory traversal

2007-09-0801:17:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.1%

JSON

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "…" (dot dot backslash) sequences in a filename. NOTE: the "…" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CPENameOperatorVersion
total_commanderle7.01

CPE	Name	Operator	Version
	total_commander	le	7.01

References

blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt

osvdb.org/39838

secunia.com/advisories/26734

securityreason.com/securityalert/3106

www.ghisler.com/whatsnew.htm

www.securityfocus.com/archive/1/478720/100/0/threaded

www.securityfocus.com/bid/25581

www.securitytracker.com/id?1018662

www.vupen.com/english/advisories/2007/3102

exchange.xforce.ibmcloud.com/vulnerabilities/36486

exchange.xforce.ibmcloud.com/vulnerabilities/36487

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.1%

JSON

Related for PRION:CVE-2007-4756