4 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Zoo 2.10 has Directory traversal Zoo 2.10 tiene un salto de Directorio • http://www.openwall.com/lists/oss-security/2015/01/03/1 https://security-tracker.debian.org/tracker/CVE-2005-2349 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 7%CPEs: 59EXPL: 1

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 • CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 4

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. • https://www.exploit-db.com/exploits/27425 http://secunia.com/advisories/19250 http://secunia.com/advisories/19254 http://www.gentoo.org/security/en/glsa/glsa-200603-12.xml http://www.securityfocus.com/bid/17126 http://www.vupen.com/english/advisories/2006/0969 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426 https://exchange.xforce.ibmcloud.com/vulnerabilities/25264 •

CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 3

Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html http://secunia.com/advisories/19002 http://secunia.com/advisories/19130 http://secunia.com/advisories/19148 http://secunia.com/advisories/19166 http://secunia.com/advisories/19408 http://secunia.com/advisories/19514 http://securityreason.com/securityalert/546 http://securitytracker.com/id?1015668 http://securitytracker.com/id?1015866 http://www.debian.org/security/2006/dsa-991 http://www.gentoo.org/security/en/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •