CVSS: 7.5EPSS: 9%CPEs: 11EXPL: 1CVE-2005-3262 – RARLAB WinRar 2.90/3.x - UUE/XXE Invalid Filename Error Message Format String
https://notcve.org/view.php?id=CVE-2005-3262
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. • https://www.exploit-db.com/exploits/26342 http://secunia.com/advisories/16973 http://secunia.com/secunia_research/2005-53/advisory http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/15062 •
CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0CVE-2005-0331
https://notcve.org/view.php?id=CVE-2005-0331
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. • http://marc.info/?l=bugtraq&m=110737609604210&w=2 http://www.securityfocus.com/bid/12422 https://exchange.xforce.ibmcloud.com/vulnerabilities/20585 •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 1CVE-2004-1254 – WinRAR 3.4.1 - Corrupt '.ZIP' File
https://notcve.org/view.php?id=CVE-2004-1254
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. • https://www.exploit-db.com/exploits/694 http://www.frsirt.com/exploits/20041217.Winrar.c.php https://exchange.xforce.ibmcloud.com/vulnerabilities/18569 •