Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for Explzh by pon software

    CVE-2018-0646 (GCVE-0-2018-0646)

    Vulnerability from nvd – Published: 2018-09-04 13:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://www.ponsoftware.com/archiver/explzh/explz… x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN55813866/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    pon software Explzh Affected: v.7.58 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
              },
              {
                "name": "JVN#55813866",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explzh",
              "vendor": "pon software",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.7.58 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-04T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
            },
            {
              "name": "JVN#55813866",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explzh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v.7.58 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pon software"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759",
                  "refsource": "CONFIRM",
                  "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
                },
                {
                  "name": "JVN#55813866",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0646",
        "datePublished": "2018-09-04T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0646 (GCVE-0-2018-0646)

    Vulnerability from cvelistv5 – Published: 2018-09-04 13:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://www.ponsoftware.com/archiver/explzh/explz… x_refsource_CONFIRM
    http://jvn.jp/en/jp/JVN55813866/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    pon software Explzh Affected: v.7.58 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
              },
              {
                "name": "JVN#55813866",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explzh",
              "vendor": "pon software",
              "versions": [
                {
                  "status": "affected",
                  "version": "v.7.58 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-04T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
            },
            {
              "name": "JVN#55813866",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explzh",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v.7.58 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "pon software"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759",
                  "refsource": "CONFIRM",
                  "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759"
                },
                {
                  "name": "JVN#55813866",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55813866/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0646",
        "datePublished": "2018-09-04T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2018-000079

    Vulnerability from jvndb - Published: 2018-07-13 14:47 - Updated:2019-07-25 16:26
    Severity
    Summary
    Explzh vulnerable to directory traversal
    Details
    Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22). Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
      "dc:date": "2019-07-25T16:26+09:00",
      "dcterms:issued": "2018-07-13T14:47+09:00",
      "dcterms:modified": "2019-07-25T16:26+09:00",
      "description": "Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).\r\n\r\nExplzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000079.html",
      "sec:cpe": {
        "#text": "cpe:/a:ponsoftware:explzh",
        "@product": "Explzh",
        "@vendor": "pon software",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000079",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN55813866/index.html",
          "@id": "JVN#55813866",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0646",
          "@id": "CVE-2018-0646",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0646",
          "@id": "CVE-2018-0646",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "Explzh vulnerable to directory traversal"
    }

    JVNDB-2010-000043

    Vulnerability from jvndb - Published: 2010-10-20 17:41 - Updated:2010-10-20 17:41
    Severity
    N/A (UNKNOWN) - -
    Summary
    Explzh may insecurely load executable files
    Details
    Explzh may use unsafe methods for determining how to load executables (.exe). Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
      "dc:date": "2010-10-20T17:41+09:00",
      "dcterms:issued": "2010-10-20T17:41+09:00",
      "dcterms:modified": "2010-10-20T17:41+09:00",
      "description": "Explzh may use unsafe methods for determining how to load executables (.exe).\r\n\r\nExplzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html",
      "sec:cpe": {
        "#text": "cpe:/a:ponsoftware:explzh",
        "@product": "Explzh",
        "@vendor": "pon software",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2010-000043",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN85599999/index.html",
          "@id": "JVN#85599999",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2010-23/index.html",
          "@id": "JVNTR-2010-23",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3159",
          "@id": "CVE-2010-3159",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3159",
          "@id": "CVE-2010-3159",
          "@source": "NVD"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
          "@id": "TA10-238A",
          "@source": "CERT-TA"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Explzh may insecurely load executable files"
    }

    JVNDB-2010-000026

    Vulnerability from jvndb - Published: 2010-06-22 16:37 - Updated:2010-06-22 16:37
    Severity
    N/A (UNKNOWN) - -
    Summary
    Explzh buffer overflow vulnerability
    Details
    Explzh contains a buffer overflow vulnerability. Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Note that versions of Explzh that contain "Arcext.dll" version 2.16.1 and earlier are vulnerable. Kenju Takano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
      "dc:date": "2010-06-22T16:37+09:00",
      "dcterms:issued": "2010-06-22T16:37+09:00",
      "dcterms:modified": "2010-06-22T16:37+09:00",
      "description": "Explzh contains a buffer overflow vulnerability.\r\n\r\nExplzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header.\r\n\r\nNote that versions of Explzh that contain \"Arcext.dll\" version 2.16.1 and earlier are vulnerable.\r\n\r\nKenju Takano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html",
      "sec:cpe": {
        "#text": "cpe:/a:ponsoftware:explzh",
        "@product": "Explzh",
        "@vendor": "pon software",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2010-000026",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN34729123/index.html",
          "@id": "JVN#34729123",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2434",
          "@id": "CVE-2010-2434",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2434",
          "@id": "CVE-2010-2434",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/40324",
          "@id": "SA40324",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/41025",
          "@id": "41025",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/59624",
          "@id": "59624",
          "@source": "XF"
        },
        {
          "#text": "http://osvdb.org/65666",
          "@id": "65666",
          "@source": "OSVDB"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "Explzh buffer overflow vulnerability"
    }