CVE-2006-2520 Information

Feb 14, 2021 cve

Description

Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar) (2) TAR (.tar) (3) ZIP (.zip) (4) GZ (.gz) or (5) JAR (.jar) archive.

Reference

http://hamid.ir/security/bitzipper.txt http://secunia.com/advisories/20207 http://securitytracker.com/id?1016132 http://www.osvdb.org/25693 http://www.securityfocus.com/archive/1/434713/100/0/threaded http://www.securityfocus.com/bid/18065 http://www.vupen.com/english/advisories/2006/1907 https://exchange.xforce.ibmcloud.com/vulnerabilities/26626

Share on: