Vulnerability Description
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pentaware | Pentasuite-Pro | 8.5.1.221 |
| Pentaware | Pentazip | 8.5.1.190 |
References
- http://osvdb.org/32864
- http://secunia.com/advisories/21458Vendor Advisory
- http://secunia.com/secunia_research/2006-72/advisory/Vendor Advisory
- http://www.securityfocus.com/bid/22104
- http://www.vupen.com/english/advisories/2007/0235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31581
- http://osvdb.org/32864
- http://secunia.com/advisories/21458Vendor Advisory
- http://secunia.com/secunia_research/2006-72/advisory/Vendor Advisory
- http://www.securityfocus.com/bid/22104
- http://www.vupen.com/english/advisories/2007/0235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31581
FAQ
What is CVE-2006-5963?
CVE-2006-5963 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filena...
How severe is CVE-2006-5963?
CVE-2006-5963 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5963?
Check the references section above for vendor advisories and patch information. Affected products include: Pentaware Pentasuite-Pro, Pentaware Pentazip.