CVE-2007-4756

Sažetak

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Reference

http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt
http://osvdb.org/39838
http://secunia.com/advisories/26734
http://securityreason.com/securityalert/3106
http://www.ghisler.com/whatsnew.htm
http://www.securityfocus.com/archive/1/478720/100/0/threaded
http://www.securityfocus.com/bid/25581
http://www.securitytracker.com/id?1018662
http://www.vupen.com/english/advisories/2007/3102
https://exchange.xforce.ibmcloud.com/vulnerabilities/36486
https://exchange.xforce.ibmcloud.com/vulnerabilities/36487

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:37

Objavljeno

08-09-2007 - 01:17