CVE-2006-0981 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
E-merge	E-merge Winace

Configuration 1 [-]

cpe:2.3:a:e-merge:e-merge_winace:2.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/19013
http://www.hamid.ir/security/winace.txt
http://www.osvdb.org/23464
http://www.securityfocus.com/archive/1/425971/100/0/threaded
http://www.securityfocus.com/bid/16800
http://www.vupen.com/english/advisories/2006/0730
https://exchange.xforce.ibmcloud.com/vulnerabilities/24902

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-03T11:00:00

Updated: 2024-08-07T16:56:15.509Z

Reserved: 2006-03-03T00:00:00

Link: CVE-2006-0981

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-03T11:02:00.000

Modified: 2024-11-21T00:07:46.707

Link: CVE-2006-0981

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "16800", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16800"}, {"name": "23464", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23464"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hamid.ir/security/winace.txt"}, {"name": "19013", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19013"}, {"name": "ADV-2006-0730", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0730"}, {"name": "winace-rar-tar-directory-traversal(24902)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"}, {"name": "20060224 WinAce Archiver v2.6 Directory traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0981", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "16800", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16800"}, {"name": "23464", "refsource": "OSVDB", "url": "http://www.osvdb.org/23464"}, {"name": "http://www.hamid.ir/security/winace.txt", "refsource": "MISC", "url": "http://www.hamid.ir/security/winace.txt"}, {"name": "19013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19013"}, {"name": "ADV-2006-0730", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0730"}, {"name": "winace-rar-tar-directory-traversal(24902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"}, {"name": "20060224 WinAce Archiver v2.6 Directory traversal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:15.509Z"}, "title": "CVE Program Container", "references": [{"name": "16800", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16800"}, {"name": "23464", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23464"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hamid.ir/security/winace.txt"}, {"name": "19013", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19013"}, {"name": "ADV-2006-0730", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0730"}, {"name": "winace-rar-tar-directory-traversal(24902)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"}, {"name": "20060224 WinAce Archiver v2.6 Directory traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0981", "datePublished": "2006-03-03T11:00:00", "dateReserved": "2006-03-03T00:00:00", "dateUpdated": "2024-08-07T16:56:15.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e-merge:e-merge_winace:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C6DA54FE-1F83-4E2E-967A-F6D3BCB9478A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}], "evaluatorSolution": "This vulnerability affects e-merge, WinAce versions 2.6 and previous.", "id": "CVE-2006-0981", "lastModified": "2024-11-21T00:07:46.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-03-03T11:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19013"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.hamid.ir/security/winace.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/23464"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/16800"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0730"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.hamid.ir/security/winace.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/23464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/16800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}