CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2015-1315
https://notcve.org/view.php?id=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Desbordamiento de buffer en la función charset_to_intern en unix/unix.c en Info-Zip UnZip 6.10b permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada, tal y como fue demostrado mediante la conversión de una cadena de CP866 a UTF-8. • http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt http://www.openwall.com/lists/oss-security/2015/02/17/4 http://www.ubuntu.com/usn/USN-2502-1 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-5659
https://notcve.org/view.php?id=CVE-2013-5659
Wiz 5.0.3 has a user mode write access violation Wiz versión 5.0.3, presenta una violación de acceso de un user mode write. • http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html http://seclists.org/fulldisclosure/2013/Sep/8 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 13%CPEs: 1EXPL: 0CVE-2008-0888 – unzip: free() called for uninitialized or already freed pointer
https://notcve.org/view.php?id=CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. La macro NEEDBITS en la función inflate_dynamic en el archivo inflate.c para unzip puede ser invocada usando búferes no válidos, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de vectores desconocidos que activan una liberación de datos no inicializados o previamente liberados. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://secunia.com/advisories/29392 http://secunia.com/advisories/29406 http://secunia.com/advisories/29415 http://secunia.com/advisories/29427 http://secunia.com/advisories/29432 http://secunia.com/advisories/29440 http://secunia.com/advisories/29495 http://secunia.com/advisories/29681 http://secunia.com/advisories/30535 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.7EPSS: 0%CPEs: 8EXPL: 3CVE-2005-4667 – Info-ZIP UnZip 5.x - File Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4667
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. • https://www.exploit-db.com/exploits/26913 http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html http://secunia.com/advisories/25098 http://www.debian.org/security/2006/dsa-1012 http://www.info-zip.org/FAQ.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:050 http://www.osvdb.org/22400 http://www.redhat.com/support/errata/RHSA-2007-0203.html http://www.securityfocus.com/archive/1/430300/100/0/threaded http://www.securityfocus.com/bid&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2475
https://notcve.org/view.php?id=CVE-2005-2475
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. Race condition en Unzip 5.52 permite que usuarios locales modifiquen permisos de ficheros arbitrarios mediante un ataque a un fichero que se esté descomprimiendo (cuyos permisos serán cambiados por Unzip después de que la descompresión se complete). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt http://marc.info/?l=bugtraq&m=112300046224117&w=2 http://secunia.com/advisories/16309 http://secunia.com/advisories/16985 http://secunia.com/advisories/17006 http://secunia.com/advisories/17045 http://secunia.com/advisories/17342 http://secunia.com/advisories/17653 http://secunia.com/advisories/25098 http://securityreason.com/securityalert/32 http://www.debian.org/security/2005/dsa-903 http:/ •