32 matches found
EUVD-2007-4528
Malware in sbrugna...
EUVD-2007-4825
Malware in sbrugna...
EUVD-2007-4824
Malware in sbrugna...
EUVD-2007-4529
Malware in sbrugna...
EUVD-2007-4530
Malware in sbrugna...
Unreal Commander 0.92 - ZIP / RAR Archive Handling Traversal Arbitrary File Overwrite
No description provided by source. source: http://www.securityfocus.com/bid/25419/info Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal vulnerability, an information-disclosure...
CVE-2007-4843
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Command injection
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
Directory traversal
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
CVE-2007-4844
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
CVE-2007-4843
The CVE-2007-4843 entry concerns a directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 . A remote FTP server can craft a filename containing “..” to create or overwrite arbitrary files. The existing note indicates this can be leveraged for code execution by writi...
CVE-2007-4844
The CVE concerns X-Diesel Unreal Commander 0.92 (builds 565 and 573). The flaw is in how it handles an FTP server’s response to CWD /, leading to a denial of service (infinite loop) when the server repeatedly returns 550 errors or 550 followed by disconnect. Root cause: improper handling of FTP e...
CVE-2007-4844
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
CVE-2007-4843
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
[HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities
HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 build 573 multiple FTP-based vulnerabilities Class : Remote directory traversal, Remote DoS Threat level : HIGH Discovered : 2007-09-06 Published : 2007-08-24 Credit : Gynvael Coldwind...
xdiesel-traverse.txt
HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 build 573 multiple FTP-based vulnerabilities Class : Remote directory traversal, Remote DoS Threat level : HIGH Discovered : 2007-09-06 Published : 2007-08-24 Credit : Gynvael Coldwind...
Unreal Commander 0.92 - Directory Traversal
Unreal Commander 0.92 - Directory Traversal source: https://www.securityfocus.com/bid/25583/info Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue. An attacker can exploit these issues to compromise the affected...
CVE-2007-4547
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information memory contents by reading the extracted files. NOTE:...
CVE-2007-4546
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrit...
Design/Logic Flaw
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information memory contents by reading the extracted files. NOTE:...