CVE-2006-3015

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Configurations

Configuration 1 (hide)

cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*

History

13 Feb 2024, 17:49

Type Values Removed Values Added
CWE CWE-94 CWE-88
CPE cpe:2.3:a:winscp:winscp:3.8.1_build328:*:*:*:*:*:*:* cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*
References () http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html - () http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html - Broken Link
References () http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html - Exploit () http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html - Broken Link, Exploit
References () http://secunia.com/advisories/20575 - Vendor Advisory () http://secunia.com/advisories/20575 - Broken Link, Vendor Advisory
References () http://winscp.net/eng/docs/history#3.8.2 - () http://winscp.net/eng/docs/history#3.8.2 - Release Notes
References () http://www.kb.cert.org/vuls/id/912588 - US Government Resource () http://www.kb.cert.org/vuls/id/912588 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/18384 - Exploit () http://www.securityfocus.com/bid/18384 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2006/2289 - () http://www.vupen.com/english/advisories/2006/2289 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27075 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27075 - Third Party Advisory, VDB Entry

Information

Published : 2006-06-14 15:06

Updated : 2024-02-13 17:49


NVD link : CVE-2006-3015

Mitre link : CVE-2006-3015

CVE.ORG link : CVE-2006-3015


JSON object : View

Products Affected

winscp

  • winscp
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')