
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Mar 2005 — Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. • http://marc.info/?l=bugtraq&m=110960796331943&w=2

CVSS: 10.0 | EPSS: 6% | CPEs: 1 | EXPL: 0

09 Nov 2004 — Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html

CVSS: 7.5 | EPSS: 10% | CPEs: 3 | EXPL: 4

14 May 2003 — Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. • https://www.exploit-db.com/exploits/22584

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

12 Jul 2001 — Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. • http://online.securityfocus.com/archive/1/196445

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

12 Jul 2001 — Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. • http://online.securityfocus.com/archive/1/196445