Archiver Security Vulnerabilities

CVE-2023-37460

Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...

9.8 CVSS

9.6 AI Score

0.005 EPSS

2023-07-25 08:15 PM

CVE-2018-25046

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target...

9.1 CVSS

9 AI Score

0.001 EPSS

2022-12-27 10:15 PM

CVE-2018-20369

Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-1002207

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as...

5.5 CVSS

5.7 AI Score

0.001 EPSS

2022-10-03 04:21 PM

CVE-2021-29281

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and...

9.8 CVSS

9.4 AI Score

0.157 EPSS

2022-07-07 09:15 PM

CVE-2019-10743

All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory,...

5.5 CVSS

5.9 AI Score

0.001 EPSS

2019-10-29 07:15 PM

CVE-2019-10685

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release...

6.1 CVSS

6 AI Score

0.001 EPSS

2019-05-24 06:29 PM

CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as...

5.5 CVSS

5.5 AI Score

0.001 EPSS

2018-07-25 05:29 PM

CVE-2015-2782

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ...

7.9 AI Score

0.025 EPSS

2015-04-08 06:59 PM

CVE-2015-0557

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ...

6.6 AI Score

0.011 EPSS

2015-04-08 06:59 PM

CVE-2015-0556

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ...

6.3 AI Score

0.01 EPSS

2015-04-08 06:59 PM

CVE-2014-0619

Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working...

7.4 AI Score

0.0004 EPSS

2014-10-23 02:55 PM

CVE-2008-0971

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script...

5.7 AI Score

0.001 EPSS

2008-12-19 05:30 PM

CVE-2007-3512

Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than...

8 AI Score

0.175 EPSS

2007-07-03 10:30 AM

CVE-2007-3375

Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as...

7.8 AI Score

0.119 EPSS

2007-06-25 08:30 PM

CVE-2006-1611

Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files while decompressing an archive, possibly due to directory traversal sequences in a...

6.9 AI Score

0.012 EPSS

2006-04-04 10:04 AM

CVE-2004-0850

Star before 1.5_alpha46 does not drop the effective user ID (euid) before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious...

6.4 AI Score

0.001 EPSS

2004-12-23 05:00 AM