Total Commander Security Vulnerabilities

CVE-2005-4066

Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.

6.9 AI Score

0.0004 EPSS

2005-12-07 11:03 AM

CVE-2007-0263

Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

6.4 AI Score

0.007 EPSS

2007-01-16 11:28 PM

CVE-2007-4463

The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fi...

6.7 AI Score

0.194 EPSS

2007-08-21 09:17 PM

CVE-2007-4464

CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations...

6.7 AI Score

0.005 EPSS

2007-08-21 09:17 PM

CVE-2007-4756

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code ...

7.3 AI Score

0.008 EPSS

2007-09-08 01:17 AM

CVE-2015-2869

The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker M...

6.9 AI Score

0.024 EPSS

2015-07-21 03:59 PM

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

7.3 CVSS

7.1 AI Score

0.001 EPSS

2020-10-21 07:15 PM