12 matches found
EUVD-2007-4824
Malware in sbrugna...
EUVD-2007-4825
Malware in sbrugna...
Command injection
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
Directory traversal
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
CVE-2007-4844
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
CVE-2007-4843
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
CVE-2007-4844
The CVE concerns X-Diesel Unreal Commander 0.92 (builds 565 and 573). The flaw is in how it handles an FTP server’s response to CWD /, leading to a denial of service (infinite loop) when the server repeatedly returns 550 errors or 550 followed by disconnect. Root cause: improper handling of FTP e...
CVE-2007-4843
The CVE-2007-4843 entry concerns a directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 . A remote FTP server can craft a filename containing “..” to create or overwrite arbitrary files. The existing note indicates this can be leveraged for code execution by writi...
CVE-2007-4844
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service infinite loop by 1 repeatedly sending a 550 error response, or 2 sending a 550 error response and then...
CVE-2007-4843
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities
HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : X-Diesel Unreal Commander v0.92 build 573 multiple vulnerabilities Class : Local/Remote multiple directory traversal Input Validation Error Threat level : HIGH Discovered : 2007-08-09 Published : 2007-08-23 Credit : Gynvael Coldwind...
Unreal Commander畸形压缩文档多个远程漏洞
BUGTRAQ ID: 25419 Unreal Commander是一款免费的Windows平台文件管理器。 Unreal Commander在解压文件时存在多个安全漏洞,攻击者可能通过诱使用户处理恶意文件控制用户系统。 如果用户使用Unreal Commander解压了文件名包含有类似于以下目录遍历序列的ZIP或RAR文档的话: Something/../../../../../../Program Files/Something/ws232.dll 就会导致在指定目录中创建ws232.dll文件。 ZIP文档中包含有两处写入文件名的位置:Local文件头和Central...