This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Winscp | First view: 2006-06-14
Product: Winscp | Last view: 2021-01-27
Version: 3.8.1_build328 | Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:winscp:winscp

Activity : Overall

Related : CVE

Score Date Alert Description
9.8 2021-01-27 CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

5.9 2019-01-31 CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

6.8 2019-01-31 CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

6.8 2019-01-31 CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

5.3 2019-01-10 CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

7.5 2019-01-10 CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.

5.8 2014-04-22 CVE-2014-2735

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.8 2013-08-19 CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

7.1 2006-06-14 CVE-2006-3015

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

CWE : Common Weakness Enumeration

% id Name
33% (2) CWE-20 Improper Input Validation
16% (1) CWE-189 Numeric Errors
16% (1) CWE-116 Improper Encoding or Escaping of Output
16% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
16% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

Open Source Vulnerability Database (OSVDB)

id Description
26338 WinSCP scp/sftp Protocol Handler Arbitrary Command Injection

Nessus® Vulnerability Scanner

id Description
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-650.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-655.nasl - Type: ACT_GATHER_INFO
2014-04-18 Name: The remote Windows host has an application that is affected by multiple vulne...
File: winscp_5_5_3.nasl - Type: ACT_GATHER_INFO
2014-02-07 Name: The remote Windows host has an application installed that is affected by an i...
File: winscp_5_1_6.nasl - Type: ACT_GATHER_INFO
2013-09-30 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14794.nasl - Type: ACT_GATHER_INFO
2013-09-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201309-08.nasl - Type: ACT_GATHER_INFO
2013-08-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201308-01.nasl - Type: ACT_GATHER_INFO
2013-08-21 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14656.nasl - Type: ACT_GATHER_INFO
2013-08-21 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14676.nasl - Type: ACT_GATHER_INFO
2013-08-20 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14706.nasl - Type: ACT_GATHER_INFO
2013-08-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2736.nasl - Type: ACT_GATHER_INFO
2013-08-13 Name: The remote Windows host has an application that is affected by a remote integ...
File: filezilla_372.nasl - Type: ACT_GATHER_INFO
2013-08-13 Name: The remote Windows host has an SSH client that is affected by multiple vulner...
File: putty_063.nasl - Type: ACT_GATHER_INFO
2013-08-08 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_4b448a96ff7311e2b28d080027ef73ec.nasl - Type: ACT_GATHER_INFO
2006-06-21 Name: The remote Windows host has an application that allows arbitrary file access.
File: winscp_uri_handler_file_access.nasl - Type: ACT_GATHER_INFO