CVSS: 6.8EPSS: 2%CPEs: 57EXPL: 0CVE-2013-4852
https://notcve.org/view.php?id=CVE-2013-4852
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a 5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario en determinadas aplicaciones que utilizan PuTTY a través de un tamaño negativo en el valor de la firma en la clave RSA durante el handshake SSH, que provoca un desbordamiento basado en memoria dinámica. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html http://secunia.com/advisories/54379 http://secunia.com/advisories/54517 http://secunia.com/advisories/54533 http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 http://winscp.net/tracker/show_bug.cgi?id=1017 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature&# • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 1CVE-2007-4909 – WinSCP 4.0.3 - URL Protocol Handler Arbitrary File Access
https://notcve.org/view.php?id=CVE-2007-4909
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015. Conflicto de interpretación en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elección con un servidor remoto a través de comandos de transferencia de archivos en la porción final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostró con la validación de una URL específica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a través del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto está relacionado con un parche incompleto para CVE-2006-3015. • https://www.exploit-db.com/exploits/30582 http://secunia.com/advisories/26820 http://securityreason.com/securityalert/3141 http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30 http://winscp.net/eng/docs/history http://www.securityfocus.com/archive/1/479298/100/0/threaded http://www.securityfocus.com/bid/25655 http://www.securitytracker.com/id?1018697 https://exchange.xforce.ibmcloud.com/vulnerabilities/36591 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 8%CPEs: 1EXPL: 3CVE-2006-3015 – WinSCP 3.8.1 - URI Handler Arbitrary File Access
https://notcve.org/view.php?id=CVE-2006-3015
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. Vulnerabilidad de inyección de argumento en WinSCP 3.8.1 build 328 permite a atacantes remotos subir o descargar archivos arbitrarios a través de espacios codificados y caracteres de comillas dobles en un URI scp o sftp. • https://www.exploit-db.com/exploits/28007 http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html http://secunia.com/advisories/20575 http://winscp.net/eng/docs/history#3.8.2 http://www.kb.cert.org/vuls/id/912588 http://www.securityfocus.com/bid/18384 http://www.vupen.com/english/advisories/2006/2289 https://exchange.xforce.ibmcloud.com/vulnerabilities/27075 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2002-1358
https://notcve.org/view.php?id=CVE-2002-1358
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2002-1360
https://notcve.org/view.php?id=CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797 • CWE-20: Improper Input Validation •