Phase:The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
ReferencesCERT-VN:VU#378604 | URL:http://www.kb.cert.org/vuls/id/378604 | BID:18192 | URL:http://www.securityfocus.com/bid/18192 | FRSIRT:ADV-2006-2064 | URL:http://www.frsirt.com/english/advisories/2006/2064 | SECUNIA:20361 | URL:http:/
Votes:Assigned (Sunday, March 12, 2006)
Comments:None (candidate not yet proposed)
F7: