
3489 matches found

Tenable Nessus
added 2006/06/21 12:0 a.m., 28 views

WinSCP URI Handler Arbitrary File Access

According to its version, the WinSCP install on the remote host allows a remote attacker to automatically initiate a file transfer to or from the affected host or to append log information to an existing file, provided that the user can be tricked into clicking on a malicious link. C Tenable...

CVSS: 7.1, AI score: 5.8, EPSS: 0.06335
Exploits: 1, References: 3

securityvulns
added 2006/06/11 12:0 a.m., 29 views

[Full-disclosure] WinSCP - URI Handler Command Switch Parsing

WinSCP - URI Handler Command Switch Parsing About winscp : WinSCP is an open source freeware SFTP client for Windows using SSH. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer. Versions affected : It was tested on WinSCP 3.8....

AI score: 0.8
Exploits: 0

CERT
added 2006/05/30 12:0 a.m., 96 views

WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods

Overview The WeOnlyDo! SFTP ActiveX control is incorrectly marked safe for scripting. This may allow a remote unauthenticated attacker to upload arbitrary files from a vulnerable system to an SFTP server or download arbitrary files from an SFTP server to a vulnerable system. Description...

CVSS: 4, AI score: 6.1, EPSS: 0.02242
Exploits: 0, References: 5

securityvulns
added 2006/05/22 12:0 a.m., 66 views

Skype information leak

It's possible to construct URL in the file file will be transferred from Skype user's computer to another skype user without any confirmation...

AI score: 1.5
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2006/05/22 12:0 a.m., 21 views

[Full-disclosure] Skype - URI Handler Command Switch Parsing

Skype - URI Handler Command Switch Parsing. Vendor Website: http://www.skype.com. Affected Version: Skype for Windows: All releases prior to and including 2.0..104; Release 2.5..0 to and including 2.5..78...

AI score: 6.7
Exploits: 0

securityvulns
added 2006/05/19 12:0 a.m., 41 views

SKYPE-SB/2006-001: Improper handling of URI arguments

SKYPE-SB/2006-001: Improper handling of URI arguments Bulletin title: Improper handling of URI arguments Bulletin ID: SKYPE-SB/2006-001 Bulletin status: FINAL Date of announcement: 2006-05-19 08:00:00 +0000 Products affected: Skype for Windows Vulnerability type: Argument handling CVE references:...

CVSS: 2.6, AI score: 6, EPSS: 0.04149
Exploits: 0

myhack58
added 2006/05/16 12:0 a.m., 44 views

Do All in Cmd Shell - vulnerability warning - the black bar safety net

Contents: 1. Preface; 2. File transfer; 3. System configuration; 4. Network configuration; 5. Software installation; 6. Windows Script; 7. Accompanying statement. Preface: Cmd Shell (command-line interaction) is an eternal topic in hacking, with a long and enduring history. This article is...

AI score: 7.7
Exploits: 0

Prion
added 2006/05/15 4:6 p.m., 12 views

Design/Logic Flaw

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

CVSS: 2.6, AI score: 7, EPSS: 0.01213
Exploits: 0, References: 4, Affected Software: 1

UbuntuCve
added 2006/05/15 4:6 p.m., 16 views

CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

CVSS: 2.6, AI score: 6, EPSS: 0.01213
Exploits: 0, References: 1

OSV
added 2006/05/15 4:6 p.m., 11 views

CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

AI score: 6.7
Exploits: 0, References: 4

OSV
added 2006/05/15 4:6 p.m., 2 views

DEBIAN-CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

CVSS: 2.6, AI score: 7.1, EPSS: 0.01213
Exploits: 0, References: 1

NVD
added 2006/05/15 4:6 p.m., 17 views

CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

CVSS: 2.6, AI score: 6.8, EPSS: 0.01213
Exploits: 0, References: 4

Cvelist
added 2006/05/15 4:0 p.m., 21 views

CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

AI score: 6.8, EPSS: 0.01213
Exploits: 0, References: 4

CVE
added 2006/05/15 4:0 p.m., 41 views

CVE-2006-2366

CVE-2006-2366 affects libopenobex/ircp 1.2. The ircp -r mode does not prompt before overwriting files in OBEX File Transfer, allowing user-assisted remote attackers to overwrite arbitrary destination files. Concrete details in the NVD/NVD-derived entries confirm the vulnerability in ircp_io.c and...

CVSS: 2.6, AI score: 6.8, EPSS: 0.01213
Exploits: 0, References: 4, Affected Software: 1

Debian CVE
added 2006/05/15 4:0 p.m., 15 views

CVE-2006-2366

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session...

CVSS: 2.6, AI score: 6.6, EPSS: 0.01213
Exploits: 0

Prion
added 2006/04/25 12:50 p.m., 13 views

Heap overflow

Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port...

CVSS: 7.5, AI score: 8.9, EPSS: 0.0469
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2006/04/25 12:50 p.m., 12 views

CVE-2006-2007

Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port...

CVSS: 7.5, AI score: 8.1, EPSS: 0.0469
Exploits: 0, References: 8

CVE
added 2006/04/25 10:0 a.m., 46 views

CVE-2006-2007

CVE-2006-2007 describes a heap-based buffer overflow in Winny 2.0 b7.1 and earlier. The vulnerability occurs when processing certain commands sent to the file transfer port, using unvalidated input (long strings) that can lead to remote code execution. Affected product: Winny (2.0 b7.1 and earlie...

CVSS: 7.5, AI score: 8.1, EPSS: 0.0469
Exploits: 0, References: 8, Affected Software: 1

Check Point Advisories
added 2006/03/26 12:0 a.m., 6 views

How To Protect Against Instant Messaging Vulnerabilities: Blocking Google Talk

Google Talk is an application used to call or send instant messages for Microsoft Windows operating systems. Instant messaging applications may risk an organization's security in the following ways: 1. Vulnerabilities in IM applications could be exploited to compromise a user's system, i.e. MSN...

CVSS: 5.4, AI score: 1.9, EPSS: 0.00832
Exploits: 0

NVD
added 2006/03/23 11:6 p.m., 17 views

CVE-2006-1366

Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9...

CVSS: 7.8, AI score: 7.7, EPSS: 0.04883
Exploits: 1, References: 7