Directory traversal

2006-04-1123:02:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a … (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.

CPENameOperatorVersion
tugzipeq3.4
tugzipeq3.1.0.2
tugzipeq3.3

Name	Operator	Version
tugzip	eq	3.4
tugzip	eq	3.1.0.2
tugzip	eq	3.3

References

securityreason.com/securityalert/686

www.hamid.ir/security/tugzip.txt

www.securityfocus.com/archive/1/430433/100/0/threaded

www.securityfocus.com/bid/17432

exchange.xforce.ibmcloud.com/vulnerabilities/25713