Vulnerability Description
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tugzip | Tugzip | 3.1.0.2 |
References
- http://securityreason.com/securityalert/686
- http://www.hamid.ir/security/tugzip.txtExploit
- http://www.securityfocus.com/archive/1/430433/100/0/threaded
- http://www.securityfocus.com/bid/17432Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25713
- http://securityreason.com/securityalert/686
- http://www.hamid.ir/security/tugzip.txtExploit
- http://www.securityfocus.com/archive/1/430433/100/0/threaded
- http://www.securityfocus.com/bid/17432Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25713
FAQ
What is CVE-2006-1715?
CVE-2006-1715 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an a...
How severe is CVE-2006-1715?
CVE-2006-1715 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1715?
Check the references section above for vendor advisories and patch information. Affected products include: Tugzip Tugzip.