Search criteria
10 vulnerabilities found for total_commander by ghisler
CVE-2020-17381 (GCVE-0-2020-17381)
Vulnerability from nvd – Published: 2020-10-21 00:00 – Updated: 2024-08-04 13:53
VLAI?
Summary
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\\totalcmd\\TOTALCMD64.EXE binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
},
{
"url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17381",
"datePublished": "2020-10-21T00:00:00",
"dateReserved": "2020-08-07T00:00:00",
"dateUpdated": "2024-08-04T13:53:16.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2869 (GCVE-0-2015-2869)
Vulnerability from nvd – Published: 2015-07-21 15:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:19.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/813631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/813631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos",
"refsource": "MISC",
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75955"
},
{
"name": "http://totalcmd.net/plugring/fileinfo.html",
"refsource": "MISC",
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/813631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2869",
"datePublished": "2015-07-21T15:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:19.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4756 (GCVE-0-2007-4756)
Vulnerability from nvd – Published: 2007-09-08 01:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename. NOTE: the \"..\\\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename. NOTE: the \"..\\\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"refsource": "OSVDB",
"url": "http://osvdb.org/39838"
},
{
"name": "http://www.ghisler.com/whatsnew.htm",
"refsource": "MISC",
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3106"
},
{
"name": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4756",
"datePublished": "2007-09-08T01:00:00",
"dateReserved": "2007-09-07T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4464 (GCVE-0-2007-4464)
Vulnerability from nvd – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"name": "http://blog.hispasec.com/lab/230",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"refsource": "OSVDB",
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4464",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-08-21T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4463 (GCVE-0-2007-4463)
Vulnerability from nvd – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46835"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"name": "http://blog.hispasec.com/lab/230",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"refsource": "OSVDB",
"url": "http://osvdb.org/46835"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4463",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-08-21T00:00:00",
"dateUpdated": "2024-08-07T14:53:56.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17381 (GCVE-0-2020-17381)
Vulnerability from cvelistv5 – Published: 2020-10-21 00:00 – Updated: 2024-08-04 13:53
VLAI?
Summary
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\\totalcmd\\TOTALCMD64.EXE binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
},
{
"url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17381",
"datePublished": "2020-10-21T00:00:00",
"dateReserved": "2020-08-07T00:00:00",
"dateUpdated": "2024-08-04T13:53:16.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2869 (GCVE-0-2015-2869)
Vulnerability from cvelistv5 – Published: 2015-07-21 15:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:19.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/813631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/813631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos",
"refsource": "MISC",
"url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
},
{
"name": "1033004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033004"
},
{
"name": "75955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75955"
},
{
"name": "http://totalcmd.net/plugring/fileinfo.html",
"refsource": "MISC",
"url": "http://totalcmd.net/plugring/fileinfo.html"
},
{
"name": "VU#813631",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/813631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2869",
"datePublished": "2015-07-21T15:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:19.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4756 (GCVE-0-2007-4756)
Vulnerability from cvelistv5 – Published: 2007-09-08 01:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename. NOTE: the \"..\\\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename. NOTE: the \"..\\\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
},
{
"name": "26734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26734"
},
{
"name": "39838",
"refsource": "OSVDB",
"url": "http://osvdb.org/39838"
},
{
"name": "http://www.ghisler.com/whatsnew.htm",
"refsource": "MISC",
"url": "http://www.ghisler.com/whatsnew.htm"
},
{
"name": "25581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25581"
},
{
"name": "3106",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3106"
},
{
"name": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
},
{
"name": "totalcommander-ftp-weak-security(36487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
},
{
"name": "ADV-2007-3102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3102"
},
{
"name": "1018662",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018662"
},
{
"name": "totalcommander-ftp-directory-traversal(36486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4756",
"datePublished": "2007-09-08T01:00:00",
"dateReserved": "2007-09-07T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4464 (GCVE-0-2007-4464)
Vulnerability from cvelistv5 – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"name": "http://blog.hispasec.com/lab/230",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "46834",
"refsource": "OSVDB",
"url": "http://osvdb.org/46834"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "fileinfo-multiple-pe-header-spoofing(36127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
},
{
"name": "3044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4464",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-08-21T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4463 (GCVE-0-2007-4463)
Vulnerability from cvelistv5 – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46835"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fileinfo-multiple-pe-dos(36126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
},
{
"name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
},
{
"name": "http://blog.hispasec.com/lab/230",
"refsource": "MISC",
"url": "http://blog.hispasec.com/lab/230"
},
{
"name": "25373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25373"
},
{
"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
},
{
"name": "3044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3044"
},
{
"name": "46835",
"refsource": "OSVDB",
"url": "http://osvdb.org/46835"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4463",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-08-21T00:00:00",
"dateUpdated": "2024-08-07T14:53:56.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}