WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Max CVSS
10.0
EPSS Score
0.53%
Published
2021-01-27
Updated
2021-02-04
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
Max CVSS
9.8
EPSS Score
0.21%
Published
2020-11-23
Updated
2020-12-02
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Max CVSS
6.8
EPSS Score
0.43%
Published
2019-01-31
Updated
2023-02-23
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Max CVSS
6.8
EPSS Score
0.24%
Published
2019-01-31
Updated
2023-02-23
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Max CVSS
7.5
EPSS Score
0.97%
Published
2019-01-10
Updated
2020-01-15
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
2.72%
Published
2013-08-19
Updated
2021-08-06
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
Max CVSS
9.3
EPSS Score
8.10%
Published
2007-09-17
Updated
2018-10-15
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Max CVSS
7.1
EPSS Score
8.81%
Published
2006-06-14
Updated
2024-02-13
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
Max CVSS
10.0
EPSS Score
4.42%
Published
2002-12-23
Updated
2017-10-11
CVE-2002-1359
Public exploit
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Max CVSS
10.0
EPSS Score
97.18%
Published
2002-12-23
Updated
2017-10-11
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Max CVSS
10.0
EPSS Score
4.42%
Published
2002-12-23
Updated
2017-10-11
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Max CVSS
10.0
EPSS Score
19.30%
Published
2002-12-23
Updated
2017-10-11
12 vulnerabilities found