2 matches found
CVE-2004-0916
cabextract versions prior to 1.1 are affected by a directory traversal vulnerability that allows remote attackers to overwrite arbitrary files via cabinet files containing ".." in a filename. The flaw is described consistently across CVE-2004-0916 entries (NVD and OSV), indicating that untrusted ...
Debian DSA-574-1 : cabextract - missing directory sanitising
The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...