CVE-2007-4909

Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with ...

CVE-2020-28864

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.