Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
References
Configurations
History
21 Nov 2024, 00:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html - Broken Link | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html - Broken Link, Exploit | |
References | () http://secunia.com/advisories/20575 - Broken Link, Vendor Advisory | |
References | () http://winscp.net/eng/docs/history#3.8.2 - Release Notes | |
References | () http://www.kb.cert.org/vuls/id/912588 - Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/bid/18384 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2006/2289 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/27075 - Third Party Advisory, VDB Entry |
13 Feb 2024, 17:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-88 | |
References | (SECUNIA) http://secunia.com/advisories/20575 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://winscp.net/eng/docs/history#3.8.2 - Release Notes | |
References | (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html - Broken Link, Exploit | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/912588 - Third Party Advisory, US Government Resource | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/27075 - Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2006/2289 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/18384 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html - Broken Link | |
CPE | cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:* |
Information
Published : 2006-06-14 15:06
Updated : 2024-11-21 00:12
NVD link : CVE-2006-3015
Mitre link : CVE-2006-3015
CVE.ORG link : CVE-2006-3015
JSON object : View
Products Affected
winscp
- winscp
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')