2 matches found
CVE-2006-2520
CVE-2006-2520 affects BitZipper (versions up to and including 4.1.2 SR-1). The flaw is a directory traversal in archive handling: a filename within a stored archive (RAR, TAR, ZIP, GZ, JAR) can contain a .. sequence, enabling an attacker to create files in arbitrary directories on the host. This ...
CVE-2013-0138
CVE-2013-0138 affects BitZipper 2013 prior to Update 1 (version 2013.13.4.16). A crafted ZIP archive can trigger a memory corruption vulnerability, allowing remote code execution or a denial of service. Remediation is to update to BitZipper 2013 Update 1 or later. CERT/CC notes mitigation options...