CVSS: 9.1 • EPSS: 5% • CPEs: 2 • EXPL: 3

12 Sep 2007 — Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. • https://www.exploit-db.com/exploits/30569 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

12 Sep 2007 — X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. • http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 2% • CPEs: 2 • EXPL: 2

27 Aug 2007 — Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive. • https://www.exploit-db.com/exploits/30521 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

27 Aug 2007 — Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. • http://osvdb.org/45831

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Aug 2007 — Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users. • http://osvdb.org/45832