CVE-2006-1715 | Vulnerability Database | Aqua Security

Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.

Affected Software

Name	Vendor	Start Version	End Version
Tugzip	Tugzip	3.1.0.2 (including)	3.1.0.2 (including)
Tugzip	Tugzip	3.3 (including)	3.3 (including)
Tugzip	Tugzip	3.4 (including)	3.4 (including)

References

http://securityreason.com/securityalert/686
http://www.hamid.ir/security/tugzip.txt
http://www.securityfocus.com/archive/1/430433/100/0/threaded
http://www.securityfocus.com/bid/17432
https://exchange.xforce.ibmcloud.com/vulnerabilities/25713
http://securityreason.com/securityalert/686
http://www.hamid.ir/security/tugzip.txt
http://www.securityfocus.com/archive/1/430433/100/0/threaded
http://www.securityfocus.com/bid/17432
https://exchange.xforce.ibmcloud.com/vulnerabilities/25713

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1715
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html