CVE-2005-0329 - Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and

CVE-2005-0329

Summary

Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.

References

Vulnerable Configurations

cpe:2.3:a:zipgenius:zipgenius:standard_5.5:*:*:*:*:*:*:*
cpe:2.3:a:zipgenius:zipgenius:standard_5.5:*:*:*:*:*:*:*
cpe:2.3:a:zipgenius:zipgenius:suite_5.5:*:*:*:*:*:*:*
cpe:2.3:a:zipgenius:zipgenius:suite_5.5:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	12419
bugtraq	20050202 7a69Adv#19 - ZipGenius unpack path disclosure
misc	http://www.7a69ezine.org/node/view/195
sectrack	1013542
secunia	14123
xf	zipgenius-path-disclosure(19203)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32