Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
winscp winscp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-4909
Interpretation conflict in WinSCP prior to 4.0.4 allows remote malicious users to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login...
Winscp Winscp 3.5.6
Winscp Winscp 3.6
Winscp Winscp 4.0.2
Winscp Winscp 4.0.3
Winscp Winscp 3.6.1
Winscp Winscp 3.6.5 Beta
Winscp Winscp 2.0.0
Winscp Winscp 3.5.5 Beta
Winscp Winscp 3.8.1
Winscp Winscp 3.8.2
Winscp Winscp 3.6.6
Winscp Winscp 3.6.7
1 EDB exploit
NA
CVE-2013-4852
Integer overflow in PuTTY 0.62 and previous versions, WinSCP prior to 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an...
Winscp Winscp 5.1.4
Winscp Winscp 5.1.3
Winscp Winscp 5.1.2
Winscp Winscp 5.1.1
Winscp Winscp 4.3.8
Winscp Winscp 4.3.7
Winscp Winscp 4.3.6
Winscp Winscp 3.7.6
Winscp Winscp 5.0.6
Winscp Winscp 5.0.5
Winscp Winscp 5.0.4
Winscp Winscp 5.0.3
Winscp Winscp 5.0.2
Winscp Winscp 4.2.6
Winscp Winscp 4.2.7
Winscp Winscp 4.2.8
Winscp Winscp 4.2.9
Winscp Winscp 5.0.9
Winscp Winscp 5.0.7
Winscp Winscp 5.0
Winscp Winscp 4.3.9
Winscp Winscp 3.8.2
NA
CVE-2014-2735
WinSCP prior to 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arb...
Winscp Winscp 5.5
Winscp Winscp
Winscp Winscp 5.5.1
9.8
CVSSv3
CVE-2021-3331
WinSCP prior to 5.17.10 allows remote malicious users to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Winscp Winscp
1 Github repository
7.5
CVSSv3
CVE-2018-20684
In WinSCP prior to 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Winscp Winscp
9.8
CVSSv3
CVE-2020-28864
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
Winscp Winscp 5.17.8
NA
CVE-2006-3015
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote malicious users to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Winscp Winscp 3.8.1
1 EDB exploit
6.8
CVSSv3
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Openbsd Openssh
Winscp Winscp
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Siemens Scalance X204rna Firmware
Siemens Scalance X204rna Eec Firmware
2 EDB exploits
1 Github repository
1 Article
5.9
CVSSv3
CVE-2024-31497
In PuTTY 0.68 up to and including 0.80 prior to 0.81, biased ECDSA nonce generation allows an malicious user to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to ...
Putty Putty
Filezilla-project Filezilla Client
Winscp Winscp
Tortoisegit Tortoisegit
Tigris Tortoisesvn
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
4 Github repositories
2 Articles
6.8
CVSSv3
CVE-2019-6109
An issue exists in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transfer...
Openbsd Openssh
Winscp Winscp
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »