ZipGenius Multiple Directory Traversal Vulnerabilities
BID:12419
Info
| Bugtraq ID: | 12419 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0329 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery is credited to Albert Puigsech Galicia. |
| Vulnerable: | ZipGenius ZipGenius Suite Edition 5.5; ZipGenius ZipGenius Standard Edition 5.5 |
| Not Vulnerable: | ZipGenius ZipGenius Suite Edition 6.0 Beta 5; ZipGenius ZipGenius Standard Edition 6.0 Beta 5 |
Discussion
ZipGenius is prone to multiple vulnerabilities that may allow an attacker to create files in arbitrary locations on a vulnerable computer. These issues result from insufficient sanitization of user-supplied data.
These issues present themselves when a file name containing directory traversal sequences is processed by the application.
ZipGenius 5.5 and prior versions are reported vulnerable to these issues.
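The missing validation described above, written as an added example (not code from ZipGenius or from the advisory): it inspects each archive entry name before extraction and flags any that could place a file outside the destination folder. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Drive-qualified names ("C:/x", "C:x") are absolute or drive-relative on Windows.
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def is_unsafe_entry(name: str) -> bool:
    """Return True if extracting `name` under a destination folder could escape it."""
    # Treat both separators alike, since the archive may be unpacked on Windows.
    path = name.replace("\\", "/")
    if path.startswith("/") or DRIVE_RE.match(path):
        return True  # absolute, UNC or drive-qualified path
    # Reject any ".." component outright, even one that would resolve back inside.
    return ".." in path.split("/")


def audit_archive(data: bytes) -> list[str]:
    """Return the entry names of a ZIP (given as bytes) that must not be extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if is_unsafe_entry(i.filename)]


def build_sample() -> bytes:
    """Constructed sample archive: two benign entries and three unsafe ones."""
    names = (
        "readme.txt",
        "docs/manual.txt",
        "../../outside.txt",
        "..\\..\\outside.bat",
        "C:/temp/outside.txt",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in audit_archive(build_sample()):
        print("refusing to extract:", entry)
```

An archive with any flagged entry is best rejected as a whole rather than extracted with the unsafe names silently rewritten.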
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
These issues have been addressed in ZipGenius 6.0 Beta releases.
ZipGenius ZipGenius Suite Edition 5.5
- ZipGenius zg6sui_b5.exe: http://web.rossoalice.it/zipgenius/zg6/zg6sui_b5.exe

ZipGenius ZipGenius Standard Edition 5.5
- ZipGenius zg6std_b5.exe: http://web.rossoalice.it/zipgenius/zg6/zg6std_b5.exe
References
References:
- ZipGenius Home page (ZipGenius)
- 7a69Adv#19 - ZipGenius unpack path disclosure (Albert Puigsech Galicia)
- 7a69Adv#20 - ZipGenius unpack one-folder path disclosure (Albert Puigsech Galicia)