3 vulnerabilities found for Explzh by pon software
jvndb-2018-000079
Vulnerability from jvndb
Published
2018-07-13 14:47
Modified
2019-07-25 16:26
Summary
Explzh vulnerable to directory traversal
Details
Explzh is file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).
Explzh is vulnerable to absolute path traversal, not relative path traversal. An attacker may therefore create new files or overwrite existing files in directories accessible with the privileges used to extract files with Explzh.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
"dc:date": "2019-07-25T16:26+09:00",
"dcterms:issued": "2018-07-13T14:47+09:00",
"dcterms:modified": "2019-07-25T16:26+09:00",
"description": "Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).\r\n\r\nExplzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN55813866/index.html",
"@id": "JVN#55813866",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0646",
"@id": "CVE-2018-0646",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0646",
"@id": "CVE-2018-0646",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Explzh vulnerable to directory traversal"
}
jvndb-2010-000043
Vulnerability from jvndb
Published
2010-10-20 17:41
Modified
2010-10-20 17:41
Summary
Explzh may insecurely load executable files
Details
Explzh may use unsafe methods for determining how to load executables (.exe).
Explzh is file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may cause it to load executables insecurely.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
"dc:date": "2010-10-20T17:41+09:00",
"dcterms:issued": "2010-10-20T17:41+09:00",
"dcterms:modified": "2010-10-20T17:41+09:00",
"description": "Explzh may use unsafe methods for determining how to load executables (.exe).\r\n\r\nExplzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85599999/index.html",
"@id": "JVN#85599999",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23/index.html",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3159",
"@id": "CVE-2010-3159",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3159",
"@id": "CVE-2010-3159",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Explzh may insecurely load executable files"
}
jvndb-2010-000026
Vulnerability from jvndb
Published
2010-06-22 16:37
Modified
2010-06-22 16:37
Summary
Explzh buffer overflow vulnerability
Details
Explzh contains a buffer overflow vulnerability.
Explzh, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing an LHA file header.
Note that versions of Explzh that contain "Arcext.dll" version 2.16.1 and earlier are vulnerable.
Kenju Takano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
"dc:date": "2010-06-22T16:37+09:00",
"dcterms:issued": "2010-06-22T16:37+09:00",
"dcterms:modified": "2010-06-22T16:37+09:00",
"description": "Explzh contains a buffer overflow vulnerability.\r\n\r\nExplzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header.\r\n\r\nNote that versions of Explzh that contain \"Arcext.dll\" version 2.16.1 and earlier are vulnerable.\r\n\r\nKenju Takano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000026",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN34729123/index.html",
"@id": "JVN#34729123",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2434",
"@id": "CVE-2010-2434",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2434",
"@id": "CVE-2010-2434",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/40324",
"@id": "SA40324",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/41025",
"@id": "41025",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/59624",
"@id": "59624",
"@source": "XF"
},
{
"#text": "http://osvdb.org/65666",
"@id": "65666",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Explzh buffer overflow vulnerability"
}