
CVSS: 7.8 | EPSS: 5% | CPEs: 2 | EXPL: 2

PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

• https://www.exploit-db.com/exploits/29949
• http://osvdb.org/41751
• http://securityreason.com/securityalert/2680
• http://www.securityfocus.com/archive/1/467646/100/0/threaded
• http://www.securityfocus.com/bid/23823
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34080

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in a (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.

• http://secunia.com/advisories/24868
• http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9
• http://www.securityfocus.com/bid/23471
• http://www.vupen.com/english/advisories/2007/1377
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33639