Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
AV:N/AC:M/Au:N/C:C/I:C/A:CWinscp
APPWinscp2.0.03.5.5_beta3.5.63.63.6.13.6.5_beta3.6.63.6.73.8.13.8.24.0.24.0.3
Related vulnerabilities
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a ...
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have o...
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sen...
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbit...
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote...