WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWinscp
APPWinscp< 5.17.10
Powiązane podatności
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have o...
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sen...
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers wit...
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbit...
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote...