Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by ghisler

    CVE-2020-17381 (GCVE-0-2020-17381)

    Vulnerability from cvelistv5 – Published: 2020-10-21 00:00 – Updated: 2024-08-04 13:53
    VLAI
    Summary
    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:16.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\\totalcmd\\TOTALCMD64.EXE binary."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-15T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
            },
            {
              "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-17381",
        "datePublished": "2020-10-21T00:00:00.000Z",
        "dateReserved": "2020-08-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:53:16.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2869 (GCVE-0-2015-2869)

    Vulnerability from cvelistv5 – Published: 2015-07-21 15:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blogs.cisco.com/security/talos/fileinfo-pl… x_refsource_MISC
    http://www.securitytracker.com/id/1033004 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/75955 vdb-entryx_refsource_BID
    http://totalcmd.net/plugring/fileinfo.html x_refsource_MISC
    http://www.kb.cert.org/vuls/id/813631 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
              },
              {
                "name": "1033004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033004"
              },
              {
                "name": "75955",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75955"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://totalcmd.net/plugring/fileinfo.html"
              },
              {
                "name": "VU#813631",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/813631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-20T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
            },
            {
              "name": "1033004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033004"
            },
            {
              "name": "75955",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75955"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://totalcmd.net/plugring/fileinfo.html"
            },
            {
              "name": "VU#813631",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/813631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos",
                  "refsource": "MISC",
                  "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
                },
                {
                  "name": "1033004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033004"
                },
                {
                  "name": "75955",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75955"
                },
                {
                  "name": "http://totalcmd.net/plugring/fileinfo.html",
                  "refsource": "MISC",
                  "url": "http://totalcmd.net/plugring/fileinfo.html"
                },
                {
                  "name": "VU#813631",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/813631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2869",
        "datePublished": "2015-07-21T15:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4756 (GCVE-0-2007-4756)

    Vulnerability from cvelistv5 – Published: 2007-09-08 01:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/478720/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/26734 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/39838 vdb-entryx_refsource_OSVDB
    http://www.ghisler.com/whatsnew.htm x_refsource_MISC
    http://www.securityfocus.com/bid/25581 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3106 third-party-advisoryx_refsource_SREASON
    http://blog.hispasec.com/lab/advisories/adv_Total… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3102 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018662 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
              },
              {
                "name": "26734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26734"
              },
              {
                "name": "39838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39838"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ghisler.com/whatsnew.htm"
              },
              {
                "name": "25581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25581"
              },
              {
                "name": "3106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3106"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
              },
              {
                "name": "totalcommander-ftp-weak-security(36487)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
              },
              {
                "name": "ADV-2007-3102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3102"
              },
              {
                "name": "1018662",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018662"
              },
              {
                "name": "totalcommander-ftp-directory-traversal(36486)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename.  NOTE: the \"..\\\" are not displayed when the user lists files.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
            },
            {
              "name": "26734",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26734"
            },
            {
              "name": "39838",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39838"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ghisler.com/whatsnew.htm"
            },
            {
              "name": "25581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25581"
            },
            {
              "name": "3106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3106"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
            },
            {
              "name": "totalcommander-ftp-weak-security(36487)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
            },
            {
              "name": "ADV-2007-3102",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3102"
            },
            {
              "name": "1018662",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018662"
            },
            {
              "name": "totalcommander-ftp-directory-traversal(36486)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename.  NOTE: the \"..\\\" are not displayed when the user lists files.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
                },
                {
                  "name": "26734",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26734"
                },
                {
                  "name": "39838",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39838"
                },
                {
                  "name": "http://www.ghisler.com/whatsnew.htm",
                  "refsource": "MISC",
                  "url": "http://www.ghisler.com/whatsnew.htm"
                },
                {
                  "name": "25581",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25581"
                },
                {
                  "name": "3106",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3106"
                },
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
                },
                {
                  "name": "totalcommander-ftp-weak-security(36487)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
                },
                {
                  "name": "ADV-2007-3102",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3102"
                },
                {
                  "name": "1018662",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018662"
                },
                {
                  "name": "totalcommander-ftp-directory-traversal(36486)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4756",
        "datePublished": "2007-09-08T01:00:00.000Z",
        "dateReserved": "2007-09-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4464 (GCVE-0-2007-4464)

    Vulnerability from cvelistv5 – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blog.hispasec.com/lab/advisories/adv_Filei… x_refsource_MISC
    http://blog.hispasec.com/lab/230 x_refsource_MISC
    http://osvdb.org/46834 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/477170/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3044 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/230"
              },
              {
                "name": "46834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46834"
              },
              {
                "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
              },
              {
                "name": "fileinfo-multiple-pe-header-spoofing(36127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
              },
              {
                "name": "3044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/230"
            },
            {
              "name": "46834",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46834"
            },
            {
              "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
            },
            {
              "name": "fileinfo-multiple-pe-header-spoofing(36127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
            },
            {
              "name": "3044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
                },
                {
                  "name": "http://blog.hispasec.com/lab/230",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/230"
                },
                {
                  "name": "46834",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46834"
                },
                {
                  "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
                },
                {
                  "name": "fileinfo-multiple-pe-header-spoofing(36127)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
                },
                {
                  "name": "3044",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4464",
        "datePublished": "2007-08-21T21:00:00.000Z",
        "dateReserved": "2007-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4463 (GCVE-0-2007-4463)

    Vulnerability from cvelistv5 – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://blog.hispasec.com/lab/advisories/adv_Filei… x_refsource_MISC
    http://blog.hispasec.com/lab/230 x_refsource_MISC
    http://www.securityfocus.com/bid/25373 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/477170/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/3044 third-party-advisoryx_refsource_SREASON
    http://osvdb.org/46835 vdb-entryx_refsource_OSVDB
    Date Public
    2007-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:56.053Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "fileinfo-multiple-pe-dos(36126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/230"
              },
              {
                "name": "25373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25373"
              },
              {
                "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
              },
              {
                "name": "3044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3044"
              },
              {
                "name": "46835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "fileinfo-multiple-pe-dos(36126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/230"
            },
            {
              "name": "25373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25373"
            },
            {
              "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
            },
            {
              "name": "3044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3044"
            },
            {
              "name": "46835",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "fileinfo-multiple-pe-dos(36126)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
                },
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
                },
                {
                  "name": "http://blog.hispasec.com/lab/230",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/230"
                },
                {
                  "name": "25373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25373"
                },
                {
                  "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
                },
                {
                  "name": "3044",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3044"
                },
                {
                  "name": "46835",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4463",
        "datePublished": "2007-08-21T21:00:00.000Z",
        "dateReserved": "2007-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:56.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-17381 (GCVE-0-2020-17381)

    Vulnerability from nvd – Published: 2020-10-21 00:00 – Updated: 2024-08-04 13:53
    VLAI
    Summary
    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:16.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\\totalcmd\\TOTALCMD64.EXE binary."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-15T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/an0ry/advisories/blob/main/CVE-2020-17381.md"
            },
            {
              "url": "https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-17381.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-17381",
        "datePublished": "2020-10-21T00:00:00.000Z",
        "dateReserved": "2020-08-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:53:16.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2869 (GCVE-0-2015-2869)

    Vulnerability from nvd – Published: 2015-07-21 15:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blogs.cisco.com/security/talos/fileinfo-pl… x_refsource_MISC
    http://www.securitytracker.com/id/1033004 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/75955 vdb-entryx_refsource_BID
    http://totalcmd.net/plugring/fileinfo.html x_refsource_MISC
    http://www.kb.cert.org/vuls/id/813631 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
              },
              {
                "name": "1033004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033004"
              },
              {
                "name": "75955",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75955"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://totalcmd.net/plugring/fileinfo.html"
              },
              {
                "name": "VU#813631",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/813631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-20T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
            },
            {
              "name": "1033004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033004"
            },
            {
              "name": "75955",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75955"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://totalcmd.net/plugring/fileinfo.html"
            },
            {
              "name": "VU#813631",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/813631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos",
                  "refsource": "MISC",
                  "url": "http://blogs.cisco.com/security/talos/fileinfo-plugin-dos"
                },
                {
                  "name": "1033004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033004"
                },
                {
                  "name": "75955",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75955"
                },
                {
                  "name": "http://totalcmd.net/plugring/fileinfo.html",
                  "refsource": "MISC",
                  "url": "http://totalcmd.net/plugring/fileinfo.html"
                },
                {
                  "name": "VU#813631",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/813631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2869",
        "datePublished": "2015-07-21T15:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4756 (GCVE-0-2007-4756)

    Vulnerability from nvd – Published: 2007-09-08 01:00 – Updated: 2024-08-07 15:08
    VLAI
    Summary
    Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/478720/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/26734 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/39838 vdb-entryx_refsource_OSVDB
    http://www.ghisler.com/whatsnew.htm x_refsource_MISC
    http://www.securityfocus.com/bid/25581 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3106 third-party-advisoryx_refsource_SREASON
    http://blog.hispasec.com/lab/advisories/adv_Total… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3102 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018662 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-09-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:08:33.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
              },
              {
                "name": "26734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26734"
              },
              {
                "name": "39838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39838"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ghisler.com/whatsnew.htm"
              },
              {
                "name": "25581",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25581"
              },
              {
                "name": "3106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3106"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
              },
              {
                "name": "totalcommander-ftp-weak-security(36487)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
              },
              {
                "name": "ADV-2007-3102",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3102"
              },
              {
                "name": "1018662",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018662"
              },
              {
                "name": "totalcommander-ftp-directory-traversal(36486)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename.  NOTE: the \"..\\\" are not displayed when the user lists files.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
            },
            {
              "name": "26734",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26734"
            },
            {
              "name": "39838",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39838"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ghisler.com/whatsnew.htm"
            },
            {
              "name": "25581",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25581"
            },
            {
              "name": "3106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3106"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
            },
            {
              "name": "totalcommander-ftp-weak-security(36487)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
            },
            {
              "name": "ADV-2007-3102",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3102"
            },
            {
              "name": "1018662",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018662"
            },
            {
              "name": "totalcommander-ftp-directory-traversal(36486)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via \"..\\\" (dot dot backslash) sequences in a filename.  NOTE: the \"..\\\" are not displayed when the user lists files.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/478720/100/0/threaded"
                },
                {
                  "name": "26734",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26734"
                },
                {
                  "name": "39838",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39838"
                },
                {
                  "name": "http://www.ghisler.com/whatsnew.htm",
                  "refsource": "MISC",
                  "url": "http://www.ghisler.com/whatsnew.htm"
                },
                {
                  "name": "25581",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25581"
                },
                {
                  "name": "3106",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3106"
                },
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt"
                },
                {
                  "name": "totalcommander-ftp-weak-security(36487)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36487"
                },
                {
                  "name": "ADV-2007-3102",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3102"
                },
                {
                  "name": "1018662",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018662"
                },
                {
                  "name": "totalcommander-ftp-directory-traversal(36486)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36486"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4756",
        "datePublished": "2007-09-08T01:00:00.000Z",
        "dateReserved": "2007-09-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:08:33.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4464 (GCVE-0-2007-4464)

    Vulnerability from nvd – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blog.hispasec.com/lab/advisories/adv_Filei… x_refsource_MISC
    http://blog.hispasec.com/lab/230 x_refsource_MISC
    http://osvdb.org/46834 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/477170/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/3044 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/230"
              },
              {
                "name": "46834",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46834"
              },
              {
                "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
              },
              {
                "name": "fileinfo-multiple-pe-header-spoofing(36127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
              },
              {
                "name": "3044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/230"
            },
            {
              "name": "46834",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46834"
            },
            {
              "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
            },
            {
              "name": "fileinfo-multiple-pe-header-spoofing(36127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
            },
            {
              "name": "3044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
                },
                {
                  "name": "http://blog.hispasec.com/lab/230",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/230"
                },
                {
                  "name": "46834",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46834"
                },
                {
                  "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
                },
                {
                  "name": "fileinfo-multiple-pe-header-spoofing(36127)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36127"
                },
                {
                  "name": "3044",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4464",
        "datePublished": "2007-08-21T21:00:00.000Z",
        "dateReserved": "2007-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4463 (GCVE-0-2007-4463)

    Vulnerability from nvd – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://blog.hispasec.com/lab/advisories/adv_Filei… x_refsource_MISC
    http://blog.hispasec.com/lab/230 x_refsource_MISC
    http://www.securityfocus.com/bid/25373 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/477170/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/3044 third-party-advisoryx_refsource_SREASON
    http://osvdb.org/46835 vdb-entryx_refsource_OSVDB
    Date Public
    2007-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:56.053Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "fileinfo-multiple-pe-dos(36126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.hispasec.com/lab/230"
              },
              {
                "name": "25373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25373"
              },
              {
                "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
              },
              {
                "name": "3044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3044"
              },
              {
                "name": "46835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "fileinfo-multiple-pe-dos(36126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.hispasec.com/lab/230"
            },
            {
              "name": "25373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25373"
            },
            {
              "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
            },
            {
              "name": "3044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3044"
            },
            {
              "name": "46835",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "fileinfo-multiple-pe-dos(36126)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"
                },
                {
                  "name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"
                },
                {
                  "name": "http://blog.hispasec.com/lab/230",
                  "refsource": "MISC",
                  "url": "http://blog.hispasec.com/lab/230"
                },
                {
                  "name": "25373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25373"
                },
                {
                  "name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"
                },
                {
                  "name": "3044",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3044"
                },
                {
                  "name": "46835",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4463",
        "datePublished": "2007-08-21T21:00:00.000Z",
        "dateReserved": "2007-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:56.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }