CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25046 – Path traversal in code.cloudfoundry.org/archiver
https://notcve.org/view.php?id=CVE-2018-25046
27 Dec 2022 — Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. • https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-29281
https://notcve.org/view.php?id=CVE-2021-29281
07 Jul 2022 — File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluyéndola, por medio de una implementación no segura del plugin Telerik Web UI, que está afectado por CVE-2014-2217, y CVE-2017-11317 • https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-10743
https://notcve.org/view.php?id=CVE-2019-10743
28 Oct 2019 — All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. • https://github.com/mholt/archiver/pull/169 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •