1. CVE-Search
  2. CVE-2006-2520
ID CVE-2006-2520
Summary Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive.
References
Vulnerable Configurations
  • cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitberry_software:bitzipper:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:bitberry_software:bitzipper:4.1.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 18065
bugtraq 20060522 BitZipper Archive Extraction Directory traversal
misc http://hamid.ir/security/bitzipper.txt
osvdb 25693
sectrack 1016132
secunia 20207
vupen ADV-2006-1907
xf bitzipper-extract-directory-traversal(26626)
Last major update 18-10-2018 - 16:40
Published 22-05-2006 - 22:02
Last modified 18-10-2018 - 16:40
Back to Top