
CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Oct 2020 — An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. • https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md • CWE-276: Incorrect Default Permissions

CVSS: 5.5 | EPSS: 2% | CPEs: 1 | EXPL: 0

21 Jul 2015 — The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Execu... • http://blogs.cisco.com/security/talos/fileinfo-plugin-dos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 1

08 Sep 2007 — Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. • http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 18% | CPEs: 2 | EXPL: 2

21 Aug 2007 — The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. • https://www.exploit-db.com/exploits/30512

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

21 Aug 2007 — CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations. • http://blog.hispasec.com/lab/230 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Dec 2005 — Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. • http://securitytracker.com/id?1015311 • CWE-310: Cryptographic Issues