Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unzip vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote malicious users to execute arbitrary files via a .. (dot dot) in an archive file.
Extplorer Extplorer 2.1.9
1 EDB exploit
668
VMScore
CVE-2020-11536
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
Onlyoffice Document Server 5.5.0
668
VMScore
CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows malicious users to execute arbitrary commands via shell metacharacters.
Amarok Amarok
445
VMScore
CVE-2010-5102
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote malicious users to write arbitrary files via unspecified vectors.
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.1
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.0
Typo3 Typo3 4.3.4
Typo3 Typo3 4.4.3
Typo3 Typo3 4.4.1
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.4
Typo3 Typo3 4.3.5
Typo3 Typo3 4.3.3
Typo3 Typo3 4.2.3
605
VMScore
CVE-2018-19562
An issue exists in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote malicious users to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Phpok Phpok 4.9.015
890
VMScore
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extract_file package prior to 0.3-5.1 in openSUSE Leap 42.1 and prior to 0.3-3.1 in openSUSE 13.2 allow malicious users to execute arbitrary commands via a service definition, related to executing unzip with "illegal op...
Opensuse Leap 42.1
Opensuse Opensuse 13.2
668
VMScore
CVE-2018-12914
A remote code execution issue exists in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
Publiccms Publiccms 4.0.20180210
890
VMScore
CVE-2005-0519
ArGoSoft FTP Server prior to 1.4.2.7 allows remote malicious users to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Argosoft Ftp Server 1.4.1.1
Argosoft Ftp Server 1.4.1.2
Argosoft Ftp Server 1.4.1.9
Argosoft Ftp Server 1.4.2
Argosoft Ftp Server 1.4.1.7
Argosoft Ftp Server 1.4.1.8
Argosoft Ftp Server 1.4.1.3
Argosoft Ftp Server 1.4.1.4
Argosoft Ftp Server 1.4.2.1
Argosoft Ftp Server 1.4.2.2
Argosoft Ftp Server 1.4.1.5
Argosoft Ftp Server 1.4.1.6
578
VMScore
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear prior to 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstra...
Dotclear Dotclear
668
VMScore
CVE-2019-17582
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows malicious users to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free repor...
Libzip Libzip 1.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »