3 matches found
Design/Logic Flaw
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a 1 scp, and possibly a 2 sftp or 3 ftp, URL, as demonstrated by a URL specifying login to the remote server with a...
CVE-2007-4909
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a 1 scp, and possibly a 2 sftp or 3 ftp, URL, as demonstrated by a URL specifying login to the remote server with a...
CVE-2007-4909
WinSCP (before 4.0.4) is affected by an interpretation conflict in its URL handler that lets remote attackers perform arbitrary file transfers via certain scp/sftp/ftp URLs, by abusing a login-as-username on the URL which is parsed differently by the protocol handler. The issue is described as a ...