CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-4756
https://notcve.org/view.php?id=CVE-2007-4756
08 Sep 2007 — Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en el cliente FTP de Total Commander versiones anteriores a 7.02, permite a servidores FTP remotos crear o sobre-escribir ficheros ... • http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4066
https://notcve.org/view.php?id=CVE-2005-4066
07 Dec 2005 — Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. • http://securitytracker.com/id?1015311 • CWE-310: Cryptographic Issues •