Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zipgenius | Zipgenius | standard_5.5 (including) | standard_5.5 (including) |
| Zipgenius | Zipgenius | suite_5.5 (including) | suite_5.5 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110736990230696\u0026w=2
- http://secunia.com/advisories/14123
- http://securitytracker.com/id?1013542
- http://www.7a69ezine.org/node/view/195
- http://www.securityfocus.com/bid/12419
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19203
- http://marc.info/?l=bugtraq\u0026m=110736990230696\u0026w=2
- http://secunia.com/advisories/14123
- http://securitytracker.com/id?1013542
- http://www.7a69ezine.org/node/view/195
- http://www.securityfocus.com/bid/12419
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19203