Ghisler
Products (3)
- 7 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4463 | | | 0.03 | — | 0.03 | | Aug 21, 2007 | The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk… |
| CVE-2020-17381 | | | 0.00 | — | 0.00 | | Oct 21, 2020 | An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. |
| CVE-2015-2869 | | | 0.00 | — | 0.04 | | Jul 21, 2015 | The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value… |
| CVE-2007-4756 | | | 0.00 | — | 0.04 | | Sep 8, 2007 | Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this… |
| CVE-2007-4464 | | | 0.00 | — | 0.01 | | Aug 21, 2007 | CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate… |
| CVE-2007-0263 | | | 0.00 | — | 0.02 | | Jan 16, 2007 | Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2006-6837 | | | 0.00 | — | 0.04 | | Dec 31, 2006 | Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image. |
| CVE-2005-4066 | | | 0.00 | — | 0.00 | | Dec 7, 2005 | Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. |