3 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). El analizador XML usado en ConeXware PowerArchiver versiones anteriores a 20.10.02, permite el procesamiento de entidades externas, lo que podría conllevar a la exfiltración de archivos locales a través de la red (por medio de un ataque de tipo XXE) • https://peterka.tech/blog/posts/cve-2021-28684 https://www.powerarchiver.com • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. La funcionalidad Encrypt Files en ConeXware PowerArchiver anterior a 14.02.05 utiliza codificación legada de ZIP incluso si la selección AES 256-bit es elegida, lo que facilita a atacantes dependientes de contexto obtener información sensible a través de un ataque de texto plano conocido. • http://int21.de/cve/CVE-2014-2319-powerarchiver.html http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0

Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. • http://marc.info/?l=bugtraq&m=112748874211458&w=2 http://secunia.com/advisories/16713 http://secunia.com/secunia_research/2005-50/advisory http://securityreason.com/securityalert/23 http://www.securityfocus.com/bid/14922 •