3 matches found
CVE-2007-4909
WinSCP (before 4.0.4) is affected by an interpretation conflict in its URL handler that lets remote attackers perform arbitrary file transfers via certain scp/sftp/ftp URLs, by abusing a login-as-username on the URL which is parsed differently by the protocol handler. The issue is described as a ...
CVE-2006-3015
WinSCP 3.8.1 build 328 is vulnerable to an argument injection allowing remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in scp/sftp URIs. Several connected records confirm this issue and note an incomplete fix for CVE-2006-3015; remediation is ...
KLA11446 SB vulnerability in WinSCP
Argument injection vulnerability was found in WinSCP. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Older Versions Related products WinSCP CVE list CVE-2006-3015 high Solution Update to the latest version Download WinSCP Impacts SB Security...