Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unzip vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
Kramerav Viaware
1 Github repository
7.5
CVSSv2
CVE-2020-11536
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
Onlyoffice Document Server 5.5.0
7.5
CVSSv2
CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows malicious users to execute arbitrary commands via shell metacharacters.
Amarok Amarok
5
CVSSv2
CVE-2010-5102
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote malicious users to write arbitrary files via unspecified vectors.
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.1
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.0
Typo3 Typo3 4.3.4
Typo3 Typo3 4.4.3
Typo3 Typo3 4.4.1
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.4
Typo3 Typo3 4.3.5
Typo3 Typo3 4.3.3
Typo3 Typo3 4.2.3
6.8
CVSSv2
CVE-2018-19562
An issue exists in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote malicious users to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Phpok Phpok 4.9.015
10
CVSSv2
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extract_file package prior to 0.3-5.1 in openSUSE Leap 42.1 and prior to 0.3-3.1 in openSUSE 13.2 allow malicious users to execute arbitrary commands via a service definition, related to executing unzip with "illegal op...
Opensuse Leap 42.1
Opensuse Opensuse 13.2
7.5
CVSSv2
CVE-2018-12914
A remote code execution issue exists in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
Publiccms Publiccms 4.0.20180210
10
CVSSv2
CVE-2005-0519
ArGoSoft FTP Server prior to 1.4.2.7 allows remote malicious users to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Argosoft Ftp Server 1.4.1.1
Argosoft Ftp Server 1.4.1.2
Argosoft Ftp Server 1.4.1.9
Argosoft Ftp Server 1.4.2
Argosoft Ftp Server 1.4.1.7
Argosoft Ftp Server 1.4.1.8
Argosoft Ftp Server 1.4.1.3
Argosoft Ftp Server 1.4.1.4
Argosoft Ftp Server 1.4.2.1
Argosoft Ftp Server 1.4.2.2
Argosoft Ftp Server 1.4.1.5
Argosoft Ftp Server 1.4.1.6
6.5
CVSSv2
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear prior to 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstra...
Dotclear Dotclear
7.5
CVSSv2
CVE-2019-17582
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows malicious users to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free repor...
Libzip Libzip 1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »