CVE-2007-2058

{"id": "CVE-2007-2058", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-04-18T03:19:00.000", "references": [{"url": "http://secunia.com/advisories/24868", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23471", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1377", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24868", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23471", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1377", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en PicoZip 4.02 permite a atacantes remotos con la complicidad del usuario sobrescribir ficheros de su elecci\u00f3n mediante secuencias .. (punto punto) en la ruta de ficheros del tipo (1) GZ, (2) TAR, (3) RAR, (4) JAR, o (5) ZIP."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:picozip:picozip:4.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "411955D9-694C-48A7-A6AB-B664D593FC1D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}