Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Winscp
(Winscp)| Repositories |
• https://github.com/openssh/openssh-portable
• https://github.com/winscp/winscp |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-04-22 | CVE-2014-2735 | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | Winscp | N/A | ||
| 2007-09-17 | CVE-2007-4909 | Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for... | Winscp | N/A | ||
| 2002-12-23 | CVE-2002-1360 | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | Ios, Ssh_client, Securenetterm, Shellguard_ssh, Secureshell, Putty, Winscp | N/A | ||
| 2002-12-23 | CVE-2002-1359 | Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. | Ios, Ssh_client, Securenetterm, Shellguard_ssh, Secureshell, Putty, Winscp | N/A | ||
| 2002-12-23 | CVE-2002-1358 | Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | Ios, Ssh_client, Securenetterm, Shellguard_ssh, Secureshell, Putty, Winscp | N/A | ||
| 2002-12-23 | CVE-2002-1357 | Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | Ios, Ssh_client, Securenetterm, Shellguard_ssh, Secureshell, Putty, Winscp | N/A |