X-diesel : Security Vulnerabilities, CVEs, CVSS score >= 5

CVE-2007-4843

Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Max CVSS
5.8
EPSS Score
0.22%
Published
2007-09-12
Updated
2018-10-15

CVE-2007-4546

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
Max CVSS
5.8
EPSS Score
0.41%
Published
2007-08-27
Updated
2018-10-15

CVE-2007-4545

Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive.
Max CVSS
6.8
EPSS Score
0.60%
Published
2007-08-27
Updated
2018-10-15
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close