Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unzip vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
Kramerav Viaware
1 Github repository
668
VMScore
CVE-2020-11536
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
Onlyoffice Document Server 5.5.0
668
VMScore
CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows malicious users to execute arbitrary commands via shell metacharacters.
Amarok Amarok
445
VMScore
CVE-2010-5102
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote malicious users to write arbitrary files via unspecified vectors.
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.1
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.0
Typo3 Typo3 4.3.4
Typo3 Typo3 4.4.3
Typo3 Typo3 4.4.1
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.4
Typo3 Typo3 4.3.5
Typo3 Typo3 4.3.3
Typo3 Typo3 4.2.3
605
VMScore
CVE-2018-19562
An issue exists in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote malicious users to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Phpok Phpok 4.9.015
890
VMScore
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extract_file package prior to 0.3-5.1 in openSUSE Leap 42.1 and prior to 0.3-3.1 in openSUSE 13.2 allow malicious users to execute arbitrary commands via a service definition, related to executing unzip with "illegal op...
Opensuse Leap 42.1
Opensuse Opensuse 13.2
668
VMScore
CVE-2018-12914
A remote code execution issue exists in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
Publiccms Publiccms 4.0.20180210
890
VMScore
CVE-2005-0519
ArGoSoft FTP Server prior to 1.4.2.7 allows remote malicious users to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Argosoft Ftp Server 1.4.1.1
Argosoft Ftp Server 1.4.1.2
Argosoft Ftp Server 1.4.1.9
Argosoft Ftp Server 1.4.2
Argosoft Ftp Server 1.4.1.7
Argosoft Ftp Server 1.4.1.8
Argosoft Ftp Server 1.4.1.3
Argosoft Ftp Server 1.4.1.4
Argosoft Ftp Server 1.4.2.1
Argosoft Ftp Server 1.4.2.2
Argosoft Ftp Server 1.4.1.5
Argosoft Ftp Server 1.4.1.6
578
VMScore
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear prior to 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstra...
Dotclear Dotclear
668
VMScore
CVE-2019-17582
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows malicious users to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free repor...
Libzip Libzip 1.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »