Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3015

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2006-3015
Last Modified 07 Mar 2011 09:37:28
Published 14 Jun 2006 11:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3015

Summary

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

Vulnerable Systems

Application

  • Winscp 3.8.1 Build328


References

CERT-VN - VU#912588

XF - winscp-uri-handler-command-execution(27075)

VUPEN - ADV-2006-2289

BID - 18384

CONFIRM - http://winscp.net/eng/docs/history#3.8.2

SECUNIA - 20575

FULLDISC - 20060611 WinSCP - URI Handler Command Switch Parsing

FULLDISC - 20060310 WinSCP - URI Handler Command Switch Parsing


Last Updated: 27 May 2016 10:42:51