Refine your search
8 vulnerabilities found for Lhaplus by Schezo
jvndb-2018-000001
Vulnerability from jvndb
Published
2018-01-11 14:18
Modified
2018-04-04 12:33
Severity ?
Summary
Lhaplus vulnerable to improper verification when expanding ZIP64 archives
Details
Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding.
Koji Ando of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000001.html",
"dc:date": "2018-04-04T12:33+09:00",
"dcterms:issued": "2018-01-11T14:18+09:00",
"dcterms:modified": "2018-04-04T12:33+09:00",
"description": "Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding.\r\n\r\nKoji Ando of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000001.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000001",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN57842148/index.html",
"@id": "JVN#57842148",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2158",
"@id": "CVE-2017-2158",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2158",
"@id": "CVE-2017-2158",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lhaplus vulnerable to improper verification when expanding ZIP64 archives"
}
jvndb-2015-000051
Vulnerability from jvndb
Published
2015-04-09 13:59
Modified
2015-04-16 18:00
Summary
Lhaplus vulnerable to remote code execution
Details
Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000051.html",
"dc:date": "2015-04-16T18:00+09:00",
"dcterms:issued": "2015-04-09T13:59+09:00",
"dcterms:modified": "2015-04-16T18:00+09:00",
"description": "Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000051.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000051",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN12329472/index.html",
"@id": "JVN#12329472",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0907",
"@id": "CVE-2015-0907",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0907",
"@id": "CVE-2015-0907",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20150409-jvn.html",
"@id": "Security Alert for Vulnerability in Lhaplus (JVN#12329472)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Lhaplus vulnerable to remote code execution"
}
jvndb-2015-000050
Vulnerability from jvndb
Published
2015-04-09 13:57
Modified
2015-04-16 18:00
Summary
Lhaplus vulnerable to directory traversal
Details
Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability.
akira_you of Nico-TECH reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000050.html",
"dc:date": "2015-04-16T18:00+09:00",
"dcterms:issued": "2015-04-09T13:57+09:00",
"dcterms:modified": "2015-04-16T18:00+09:00",
"description": "Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability.\r\n\r\nakira_you of Nico-TECH reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000050.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN02527990/index.html",
"@id": "JVN#02527990",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0906",
"@id": "CVE-2015-0906",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0906",
"@id": "CVE-2015-0906",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Lhaplus vulnerable to directory traversal"
}
jvndb-2010-000039
Vulnerability from jvndb
Published
2010-10-20 17:40
Modified
2010-10-20 17:40
Summary
Lhaplus may insecurely load executable files
Details
Lhaplus may use unsafe methods for determining how to load executables (.exe).
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables (.exe) when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000039.html",
"dc:date": "2010-10-20T17:40+09:00",
"dcterms:issued": "2010-10-20T17:40+09:00",
"dcterms:modified": "2010-10-20T17:40+09:00",
"description": "Lhaplus may use unsafe methods for determining how to load executables (.exe).\r\n\r\nLhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables (.exe) when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000039.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000039",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18774708/index.html",
"@id": "JVN#18774708",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23/",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3158",
"@id": "CVE-2010-3158",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3158",
"@id": "CVE-2010-3158",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/41742",
"@id": "SA41742",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lhaplus may insecurely load executable files"
}
jvndb-2010-000037
Vulnerability from jvndb
Published
2010-10-18 19:36
Modified
2010-10-18 19:36
Summary
Lhaplus may insecurely load dynamic libraries
Details
Lhaplus may use unsafe methods for determining how to load DLLs.
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Hitachi Incident Response Team and Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000037.html",
"dc:date": "2010-10-18T19:36+09:00",
"dcterms:issued": "2010-10-18T19:36+09:00",
"dcterms:modified": "2010-10-18T19:36+09:00",
"description": "Lhaplus may use unsafe methods for determining how to load DLLs.\r\n\r\nLhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL\u0027s when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nHitachi Incident Response Team and Makoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000037.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000037",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82752978/index.html",
"@id": "JVN#82752978",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23/",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2368",
"@id": "CVE-2010-2368",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2368",
"@id": "CVE-2010-2368",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201010_Lhaplus_en.html",
"@id": "Security Alert for Vulnerability in Lhaplus",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.kb.cert.org/vuls/id/707943",
"@id": "VU#707943",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lhaplus may insecurely load dynamic libraries"
}
jvndb-2007-000697
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Lhaplus buffer overflow vulnerability
Details
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability.
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000697.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability.\r\n\r\nLhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000697.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000697",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN70734805/index.html",
"@id": "JVN#70734805",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5048",
"@id": "CVE-2007-5048",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5048",
"@id": "CVE-2007-5048",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26907",
"@id": "SA26907",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25754",
"@id": "25754",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36718",
"@id": "36718",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Lhaplus buffer overflow vulnerability"
}
jvndb-2008-000022
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 11:33
Summary
Lhaplus buffer overflow vulnerability
Details
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from JVN#82610488 and JVN#70734805.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000022.html",
"dc:date": "2008-05-21T11:33+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T11:33+09:00",
"description": "Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.\r\n\r\nLhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from JVN#82610488 and JVN#70734805.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000022.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN74468481/index.html",
"@id": "JVN#74468481",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2021",
"@id": "CVE-2008-2021",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2021",
"@id": "CVE-2008-2021",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200804_Lhaplus_press_en.html",
"@id": "Security Alert for Lhaplus Vulnerability",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/29972",
"@id": "SA29972",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/28953",
"@id": "28953",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/42032",
"@id": "42032",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/1369/references",
"@id": "FrSIRT/ADV-2008-1369",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Lhaplus buffer overflow vulnerability"
}
jvndb-2007-000808
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Lhaplus buffer overflow vulnerability
Details
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user.
This vulnerability is different from JVN#70734805.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000808.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.\r\n\r\nLhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user.\r\n\r\nThis vulnerability is different from JVN#70734805.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000808.html",
"sec:cpe": {
"#text": "cpe:/a:lhaplus:lhaplus",
"@product": "Lhaplus",
"@vendor": "Schezo",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000808",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82610488/index.html",
"@id": "JVN#82610488",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6175",
"@id": "CVE-2007-6175",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6175",
"@id": "CVE-2007-6175",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27734",
"@id": "SA27734",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/26531",
"@id": "26531",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/38624",
"@id": "38624",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3960",
"@id": "FrSIRT/ADV-2007-3960",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Lhaplus buffer overflow vulnerability"
}