Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N
Vendors Products
E-merge
  • E-merge Winace

Configuration 1 [-]

cpe:2.3:a:e-merge:e-merge_winace:2.6:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/19013 Vendor Advisory
http://www.hamid.ir/security/winace.txt Exploit Vendor Advisory
http://www.osvdb.org/23464 Vendor Advisory
http://www.securityfocus.com/archive/1/425971/100/0/threaded
http://www.securityfocus.com/bid/16800 Exploit Vendor Advisory
http://www.vupen.com/english/advisories/2006/0730
https://exchange.xforce.ibmcloud.com/vulnerabilities/24902
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-03T11:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-03-03T00:00:00

Link: CVE-2006-0981

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-03-03T11:02:00.000

Modified: 2018-10-18T16:30:01.680

Link: CVE-2006-0981

JSON object: View

cve-icon Redhat Information

No data.

CWE