Vulnerability CVE-2011-2725


Published: 2014-02-04   Modified: 2014-02-05

Description:
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

See advisories in our WLB2 database:
Topic: KDE Ark 4.7.4 Directory traversal (Med.)
Author: Tim Brown
Date: 09.02.2014

Type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: KDE
Product: KDE SC
Version: 4.7.4, 4.7.3, 4.7.2, 4.7.1, 4.7.0
Product: Ark
Version: 2.17

Vendor: openSUSE
Product: openSUSE
Version: 11.4

Vendor: Novell
Product: openSUSE
Version: 11.4

Vendor: Canonical
Product: Ubuntu Linux
Version: 11.10, 11.04, 10.10, 10.04

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html
http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html
http://seclists.org/fulldisclosure/2011/Oct/351
http://www.ubuntu.com/usn/USN-1276-1
https://bugzilla.novell.com/show_bug.cgi?id=708268
https://bugzilla.redhat.com/show_bug.cgi?id=725764

Copyright 2019, cxsecurity.com

 
