Page 3 of 16 results (0.007 seconds)

CVSS: 7.5EPSS: 9%CPEs: 11EXPL: 0

Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0266.html http://secunia.com/advisories/16973 http://secunia.com/secunia_research/2005-53/advisory http://www.osvdb.org/19915 http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/15062 •

CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. • http://marc.info/?l=bugtraq&m=110737609604210&w=2 http://www.securityfocus.com/bid/12422 https://exchange.xforce.ibmcloud.com/vulnerabilities/20585 •

CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0

The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive. • http://marc.info/?l=bugtraq&m=109941351432699&w=2 http://secunia.com/advisories/13070 http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/11581 https://exchange.xforce.ibmcloud.com/vulnerabilities/17937 •

CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 1

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. • https://www.exploit-db.com/exploits/694 http://www.frsirt.com/exploits/20041217.Winrar.c.php https://exchange.xforce.ibmcloud.com/vulnerabilities/18569 •

CVSS: 6.4EPSS: 0%CPEs: 50EXPL: 1

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). Múltiples vulnerabilidades de atravesamiento de directorios en LHA 1.14 permite a atacantes locales o usuarios locales crear ficheros arbitrarios mediante un archivo LHA conteniendo nombres de fichero con secuencias (1) ".." (punto punto) o (2) rutas absolutas con barra inicial doble ("//ruta/absoluta"). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html http://marc.info/?l=bugtraq&m=108422737918885&w=2 http://security.gentoo.org/glsa/glsa-200405-02.xml http://www.debian.org/security/2004/dsa-515 http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html http://www.redhat.com/support/errata/RHSA-2004-178.html http://www.redhat.com/support/errata/RHSA-2004-179.html h •