Lucene search
K

4 matches found

Cvelist
Cvelist
added 2018/07/25 5:0 p.m.23 views

CVE-2018-1002201

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.4AI score0.1035EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2018/06/06 2:27 p.m.25 views

CVE-2018-1002201

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.3CVSS5AI score0.1035EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2018/06/06 12:0 a.m.22 views

ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)

A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...

6.8CVSS4.4AI score0.37986EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2018/04/17 9:0 p.m.4 views

cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)

org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: SNYK:JAVA-ORGZEROTURNAROUND-31681...

5.8CVSS6.6AI score0.1035EPSS
Exploits1
Rows per page
Query Builder