Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
archive zip vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-0932
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote malicious users to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
Pear Pear Archive Zip 1.1
5
CVSSv2
CVE-2020-7664
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an malicious user to add or replace files system-wide.
Compression And Archive Extensions Project Compression And Archive Extensions Zip Project
6.4
CVSSv2
CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or ov...
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Perl-archive-zip Project Perl-archive-zip -
10
CVSSv2
CVE-2008-6536
Unspecified vulnerability in 7-zip prior to 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
7-zip 7-zip 4.55
7-zip 7-zip 4.54
7-zip 7-zip 4.42
7-zip 7-zip 4.43
7-zip 7-zip 4.37
7-zip 7-zip 4.38
7-zip 7-zip 4.35
7-zip 7-zip 4.27
7-zip 7-zip 4.25
7-zip 7-zip 3.13
7-zip 7-zip
7-zip 7-zip 4.40
7-zip 7-zip 4.41
7-zip 7-zip 4.48
7-zip 7-zip 4.49
7-zip 7-zip 4.33
7-zip 7-zip 4.36
7-zip 7-zip 4.23
7-zip 7-zip 4.26
7-zip 7-zip 4.51
7-zip 7-zip 4.50
7-zip 7-zip 4.46
6.8
CVSSv2
CVE-2007-4725
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll prior to 4.42.00.04, as derived from Igor Pavlov 7-Zip prior to 4.53 beta, allows user-assisted remote malicious users to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow...
7-zip 7-zip
7-zip 7-zip 4.43
7-zip 7-zip 4.44
7-zip 7-zip 4.45
7-zip 7-zip 4.46
7-zip 7-zip 4.47
7-zip 7-zip 4.48
7-zip 7-zip 4.49
7-zip 7-zip 4.50
7-zip 7-zip 4.51
7-zip 7-zip 4.52
1 EDB exploit
NA
CVE-2023-39137
An issue in Archive v3.3.7 allows malicious users to spoof zip filenames which can lead to inconsistent filename parsing.
Archive Project Archive 3.3.7
NA
CVE-2023-39139
An issue in Archive v3.3.7 allows malicious users to execute a path traversal via extracting a crafted zip file.
Archive Project Archive 3.3.7
7.5
CVSSv2
CVE-2021-23484
The package zip-local prior to 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.
Zip-local Project Zip-local
6.8
CVSSv2
CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote malicious users to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
7-zip 7-zip
1 Github repository
4.3
CVSSv2
CVE-2018-1002204
adm-zip npm library prior to 0.4.9 is vulnerable to directory traversal, allowing malicious users to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Adm-zip Project Adm-zip
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »