CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2007/09/07 12:0 a.m.•32 views

magellan-traverse.txt

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal Class : Remote Directory Traversal Threat level : HIGH Discovered : 2007-08-14 Published : 2007-09-06 Credit : Gynvael Coldwind Vulnerable : 3.32 built...

Packet Storm•added 2007/09/07 12:0 a.m.•40 views

tc701-traverse.txt

Packet Storm•added 2007/09/07 12:0 a.m.•32 views

xdiesel-traverse.txt

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 build 573 multiple FTP-based vulnerabilities Class : Remote directory traversal, Remote DoS Threat level : HIGH Discovered : 2007-09-06 Published : 2007-08-24 Credit : Gynvael Coldwind...

exploitpack•added 2007/09/06 12:0 a.m.•13 views

Unreal Commander 0.92 - Directory Traversal

Unreal Commander 0.92 - Directory Traversal source: https://www.securityfocus.com/bid/25583/info Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue. An attacker can exploit these issues to compromise the affected...

0.1AI score

Prion•added 2007/08/27 11:17 p.m.•18 views

Directory traversal

Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. dot dot in a filename within a 1 ZIP or 2 RAR archive...

6.8CVSS7.5AI score0.04702EPSS

NVD•added 2007/08/27 11:17 p.m.•12 views

CVE-2007-4545

6.8CVSS7AI score0.04702EPSS

Exploits1References4

Prion•added 2007/08/27 11:17 p.m.•15 views

Design/Logic Flaw

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrit...

5.8CVSS7AI score0.00459EPSS

Prion•added 2007/08/27 11:17 p.m.•18 views

Design/Logic Flaw

Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information memory contents by reading the extracted files. NOTE:...

4.3CVSS6.4AI score0.00359EPSS

Exploits0References4Affected Software1

NVD•added 2007/08/27 11:17 p.m.•16 views

CVE-2007-4546

5.8CVSS6.5AI score0.00459EPSS

Exploits1References4

NVD•added 2007/08/27 11:17 p.m.•15 views

CVE-2007-4547

4.3CVSS5.9AI score0.00359EPSS

Exploits0References4

CVE•added 2007/08/27 11:0 p.m.•48 views

CVE-2007-4545

CVE-2007-4545 describes multiple directory traversal vulnerabilities in Unreal Commander 0.92 builds 565 and 573. The flaw allows user-assisted remote attackers to create or overwrite arbitrary files via a .. path segment in a filename inside a (1) ZIP or (2) RAR archive. The connected documents ...

6.8CVSS7AI score0.04702EPSS

CVE•added 2007/08/27 11:0 p.m.•46 views

CVE-2007-4546

Unreal Commander 0.92 build 565 and 573 is affected. The software extracts ZIP entries using Local File Header names instead of Central Directory filenames, enabling an attacker to cause a user to overwrite or create local files via a crafted archive. The description notes the mismatch between Ce...

5.8CVSS6.5AI score0.00459EPSS

CVE•added 2007/08/27 11:0 p.m.•46 views

CVE-2007-4547

Unreal Commander 0.92 build 565 and 573 is vulnerable to a heap-memory leakage issue during extraction from archives with malformed size info in the file header. The affected component writes portions of heap memory into local files, potentially enabling a user with sufficient privileges or acces...

4.3CVSS5.9AI score0.00359EPSS

Exploits0References4Affected Software1

Cvelist•added 2007/08/27 11:0 p.m.•21 views

CVE-2007-4546

6.5AI score0.00459EPSS

Exploits1References4

Cvelist•added 2007/08/27 11:0 p.m.•17 views

CVE-2007-4547

5.9AI score0.00359EPSS

Exploits0References4

securityvulns•added 2007/08/25 12:0 a.m.•32 views

X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : X-Diesel Unreal Commander v0.92 build 573 multiple vulnerabilities Class : Local/Remote multiple directory traversal Input Validation Error Threat level : HIGH Discovered : 2007-08-09 Published : 2007-08-23 Credit : Gynvael Coldwind...

0.2AI score

seebug.org•added 2007/08/24 12:0 a.m.•37 views

Unreal Commander畸形压缩文档多个远程漏洞

BUGTRAQ ID: 25419 Unreal Commander是一款免费的Windows平台文件管理器。 Unreal Commander在解压文件时存在多个安全漏洞，攻击者可能通过诱使用户处理恶意文件控制用户系统。如果用户使用Unreal Commander解压了文件名包含有类似于以下目录遍历序列的ZIP或RAR文档的话： Something/../../../../../../Program Files/Something/ws232.dll 就会导致在指定目录中创建ws232.dll文件。 ZIP文档中包含有两处写入文件名的位置：Local文件头和Central...

6.9AI score

exploitpack•added 2007/08/23 12:0 a.m.•10 views

Unreal Commander 0.92 - ZIP RAR Archive Handling Traversal Arbitrary File Overwrite

Unreal Commander 0.92 - ZIP RAR Archive Handling Traversal Arbitrary File Overwrite source: https://www.securityfocus.com/bid/25419/info Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal...

0.6AI score

Exploit DB•added 2007/08/23 12:0 a.m.•20 views

Unreal Commander 0.92 - ZIP / RAR Archive Handling Traversal Arbitrary File Overwrite

source: https://www.securityfocus.com/bid/25419/info Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal vulnerability, an information-disclosure vulnerability, and a filename-spoofing...