CVE-2006-3015

Published: Jun 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

winscp-uri-handler-command-execution(27075)

vdb-entry

x_refsource_XF

http://winscp.net/eng/docs/history#3.8.2

x_refsource_CONFIRM

20060611 WinSCP - URI Handler Command Switch Parsing

mailing-list

x_refsource_FULLDISC

20060310 WinSCP - URI Handler Command Switch Parsing

mailing-list

x_refsource_FULLDISC

20575

third-party-advisory

x_refsource_SECUNIA

ADV-2006-2289

vdb-entry

x_refsource_VUPEN

18384

vdb-entry

x_refsource_BID

VU#912588

third-party-advisory

x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-3015

Description

Affected Products

References