Search criteria
5 vulnerabilities found for Explzh by pon software
CVE-2018-0646 (GCVE-0-2018-0646)
Vulnerability from cvelistv5 – Published: 2018-09-04 13:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pon software | Explzh |
Affected:
v.7.58 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explzh",
"vendor": "pon software",
"versions": [
{
"status": "affected",
"version": "v.7.58 and earlier"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explzh",
"version": {
"version_data": [
{
"version_value": "v.7.58 and earlier"
}
]
}
}
]
},
"vendor_name": "pon software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759",
"refsource": "CONFIRM",
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0646",
"datePublished": "2018-09-04T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0646 (GCVE-0-2018-0646)
Vulnerability from nvd – Published: 2018-09-04 13:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pon software | Explzh |
Affected:
v.7.58 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explzh",
"vendor": "pon software",
"versions": [
{
"status": "affected",
"version": "v.7.58 and earlier"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explzh",
"version": {
"version_data": [
{
"version_value": "v.7.58 and earlier"
}
]
}
}
]
},
"vendor_name": "pon software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759",
"refsource": "CONFIRM",
"url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
},
{
"name": "JVN#55813866",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55813866/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0646",
"datePublished": "2018-09-04T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000079
Vulnerability from jvndb - Published: 2018-07-13 14:47 - Updated:2019-07-25 16:26
Severity ?
Summary
Explzh vulnerable to directory traversal
Details
Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).
Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
"dc:date": "2019-07-25T16:26+09:00",
"dcterms:issued": "2018-07-13T14:47+09:00",
"dcterms:modified": "2019-07-25T16:26+09:00",
"description": "Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).\r\n\r\nExplzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN55813866/index.html",
"@id": "JVN#55813866",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0646",
"@id": "CVE-2018-0646",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0646",
"@id": "CVE-2018-0646",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Explzh vulnerable to directory traversal"
}
JVNDB-2010-000043
Vulnerability from jvndb - Published: 2010-10-20 17:41 - Updated:2010-10-20 17:41Summary
Explzh may insecurely load executable files
Details
Explzh may use unsafe methods for determining how to load executables (.exe).
Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
"dc:date": "2010-10-20T17:41+09:00",
"dcterms:issued": "2010-10-20T17:41+09:00",
"dcterms:modified": "2010-10-20T17:41+09:00",
"description": "Explzh may use unsafe methods for determining how to load executables (.exe).\r\n\r\nExplzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85599999/index.html",
"@id": "JVN#85599999",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23/index.html",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3159",
"@id": "CVE-2010-3159",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3159",
"@id": "CVE-2010-3159",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Explzh may insecurely load executable files"
}
JVNDB-2010-000026
Vulnerability from jvndb - Published: 2010-06-22 16:37 - Updated:2010-06-22 16:37Summary
Explzh buffer overflow vulnerability
Details
Explzh contains a buffer overflow vulnerability.
Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header.
Note that versions of Explzh that contain "Arcext.dll" version 2.16.1 and earlier are vulnerable.
Kenju Takano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
"dc:date": "2010-06-22T16:37+09:00",
"dcterms:issued": "2010-06-22T16:37+09:00",
"dcterms:modified": "2010-06-22T16:37+09:00",
"description": "Explzh contains a buffer overflow vulnerability.\r\n\r\nExplzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header.\r\n\r\nNote that versions of Explzh that contain \"Arcext.dll\" version 2.16.1 and earlier are vulnerable.\r\n\r\nKenju Takano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
"sec:cpe": {
"#text": "cpe:/a:ponsoftware:explzh",
"@product": "Explzh",
"@vendor": "pon software",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000026",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN34729123/index.html",
"@id": "JVN#34729123",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2434",
"@id": "CVE-2010-2434",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2434",
"@id": "CVE-2010-2434",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/40324",
"@id": "SA40324",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/41025",
"@id": "41025",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/59624",
"@id": "59624",
"@source": "XF"
},
{
"#text": "http://osvdb.org/65666",
"@id": "65666",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Explzh buffer overflow vulnerability"
}