VYPR

Total Commander

by Ghisler

CVEs (7)

  • CVE-2007-4463Aug 21, 2007
    risk 0.03cvss epss 0.03

    The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk…

  • CVE-2020-17381Oct 21, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

  • CVE-2015-2869Jul 21, 2015
    risk 0.00cvss epss 0.04

    The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value…

  • CVE-2007-4756Sep 8, 2007
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this…

  • CVE-2007-4464Aug 21, 2007
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate…

  • CVE-2007-0263Jan 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2005-4066Dec 7, 2005
    risk 0.00cvss epss 0.00

    Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.