Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Total Commander远程FTP客户端目录遍历漏洞
Vulnerability Description
Ghisler Total Commander(原Windows Commander)是瑞士Ghisler公司的一套磁盘文件管理软件,可以取代资源管理器。 Total Commander的FTP功能没有正确的检查所要下载文件的名称,如果文件名中包含有反斜杠和句号的话,就可能将该文件下载到攻击者所选择的任意位置。此外,Total Commander会从列表窗口中剥离路径,仅显示文件名,因此位置窗口中不会显示反斜线和句号。例如: 1. Total Commander用户连接到FTP服务器。 2. 启动FTP过
CVSS Information
N/A
Vulnerability Type
N/A