5
CVE-2004-1027
- EPSS 2.74%
- Veröffentlicht 01.03.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arjsoftware ≫ Unarj Version2.62
Arjsoftware ≫ Unarj Version2.63 Updatea
Arjsoftware ≫ Unarj Version2.64
Arjsoftware ≫ Unarj Version2.65
Debian ≫ Debian Linux Version3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.74% | 0.842 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://www.debian.org/security/2005/dsa-628
http://lwn.net/Articles/121827/
http://www.debian.org/security/2005/dsa-652
http://www.redhat.com/support/errata/RHSA-2005-007.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
http://security.gentoo.org/glsa/glsa-200411-29.xml
http://www.securityfocus.com/bid/11436
https://exchange.xforce.ibmcloud.com/vulnerabilities/17684