Lucene search

FlexeraCVE-2006-5963

HistoryJan 19, 2007 - 1:28 a.m.

CVE-2006-5963

2007-01-1901:28:00

flexera

web.nvd.nist.gov

cve-2006-5963

directory traversal

pentazip

pentasuite-pro

vulnerability

user-assisted

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.007

Percentile

79.6%

JSON

Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a …/ (dot dot slash) in a filename.

Affected configurations

Nvd

Node

pentawarepentasuite-proMatch8.5.1.221

pentawarepentazipMatch8.5.1.190

VendorProductVersionCPE
pentawarepentasuite-pro8.5.1.221cpe:2.3:a:pentaware:pentasuite-pro:8.5.1.221:*:*:*:*:*:*:*
pentawarepentazip8.5.1.190cpe:2.3:a:pentaware:pentazip:8.5.1.190:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pentaware	pentasuite-pro	8.5.1.221	cpe:2.3:a:pentaware:pentasuite-pro:8.5.1.221:::::::*
pentaware	pentazip	8.5.1.190	cpe:2.3:a:pentaware:pentazip:8.5.1.190:::::::*

References

osvdb.org/32864

secunia.com/advisories/21458

secunia.com/secunia_research/2006-72/advisory/

www.securityfocus.com/bid/22104

www.vupen.com/english/advisories/2007/0235

exchange.xforce.ibmcloud.com/vulnerabilities/31581

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.007

Percentile

79.6%

JSON

Related for CVE-2006-5963