Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
winrar vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating ...
Rarlab Winrar
2 EDB exploits
20 Github repositories
5 Articles
7.4
CVSSv3
CVE-2015-5663
The file-execution functionality in WinRAR prior to 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
Rarlab Winrar
7.8
CVSSv3
CVE-2018-20252
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Rarlab Winrar
1 Github repository
7.8
CVSSv3
CVE-2023-38831
RARLAB WinRAR prior to 6.23 allows malicious users to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name ...
Rarlab Winrar
63 Github repositories
3 Articles
NA
CVE-2006-3912
Stack-based buffer overflow in the SFX module in WinRAR prior to 3.60 beta 8 has unspecified vectors and impact.
Rarlab Winrar 3.60 Beta8
3 EDB exploits
7.1
CVSSv3
CVE-2022-43650
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Rarlab Winrar 6.11
NA
CVE-2005-4474
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted malicious users to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-A...
Rarlab Winrar 3.51
NA
CVE-2024-30370
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote malicious users to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must p...
NA
CVE-2023-40477
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability ...
2 Github repositories
1 Article
7.8
CVSSv3
CVE-2021-35052
A component in Kaspersky Password Manager could allow an malicious user to elevate a process Integrity level from Medium to High.
Kaspersky Password Manager
Kaspersky Password Manager 9.0.2
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »