ByteOS Network

Vulnerability Details :

CVE-2014-0809

Assigner-jpcert

Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce

Published At-24 Jan, 2014 | 15:00

Updated At-06 Aug, 2024 | 09:27

Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:jpcert

Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce

Published At:24 Jan, 2014 | 15:00

Updated At:06 Aug, 2024 | 09:27

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://jvn.jp/en/jp/JVN49384502/index.html	third-party-advisory x_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008	third-party-advisory x_refsource_JVNDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/90980	vdb-entry x_refsource_XF
https://play.google.com/store/apps/details?id=com.acidzazz.simzip	x_refsource_CONFIRM

Hyperlink: http://jvn.jp/en/jp/JVN49384502/index.html

Resource:

third-party-advisory

x_refsource_JVN

Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008

Resource:

third-party-advisory

x_refsource_JVNDB

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90980

Resource:

vdb-entry

x_refsource_XF

Hyperlink: https://play.google.com/store/apps/details?id=com.acidzazz.simzip

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://jvn.jp/en/jp/JVN49384502/index.html	third-party-advisory x_refsource_JVN x_transferred
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008	third-party-advisory x_refsource_JVNDB x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/90980	vdb-entry x_refsource_XF x_transferred
https://play.google.com/store/apps/details?id=com.acidzazz.simzip	x_refsource_CONFIRM x_transferred

Hyperlink: http://jvn.jp/en/jp/JVN49384502/index.html

Resource:

third-party-advisory

x_refsource_JVN

x_transferred

Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008

Resource:

third-party-advisory

x_refsource_JVNDB

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90980

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: https://play.google.com/store/apps/details?id=com.acidzazz.simzip

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:vultures@jpcert.or.jp

Published At:24 Jan, 2014 | 15:08

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

gapless_player>>simzip>>Versions up to 1.2(inclusive)

cpe:2.3:a:gapless_player:simzip:*:*:*:*:*:*:*:*

gapless_player>>simzip>>1.1

cpe:2.3:a:gapless_player:simzip:1.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

CWE ID: CWE-22

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://jvn.jp/en/jp/JVN49384502/index.html	vultures@jpcert.or.jp	N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008	vultures@jpcert.or.jp	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/90980	vultures@jpcert.or.jp	N/A
https://play.google.com/store/apps/details?id=com.acidzazz.simzip	vultures@jpcert.or.jp	N/A
http://jvn.jp/en/jp/JVN49384502/index.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/90980	af854a3a-2127-422b-91ae-364da2661108	N/A
https://play.google.com/store/apps/details?id=com.acidzazz.simzip	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://jvn.jp/en/jp/JVN49384502/index.html

Source: vultures@jpcert.or.jp

Resource: N/A

Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008

Source: vultures@jpcert.or.jp

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90980

Source: vultures@jpcert.or.jp

Resource: N/A

Hyperlink: https://play.google.com/store/apps/details?id=com.acidzazz.simzip

Source: vultures@jpcert.or.jp

Resource: N/A

Hyperlink: http://jvn.jp/en/jp/JVN49384502/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/90980

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://play.google.com/store/apps/details?id=com.acidzazz.simzip

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

62Records found

CVE-2018-1002205

Matching Score-4

Assigner-Snyk

View Details

Matching Score-4

Assigner-Snyk

CVSS Score-5.5||MEDIUM

EPSS-0.53% / 66.05%

7 Day CHG~0.00%

Published-25 Jul, 2018 | 17:00

Updated-06 May, 2025 | 15:15

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor-dotnetzip.semverd_project DotNetZip

Product-dotnetzip.semverd DotNetZip.Semvered

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1002209

Matching Score-4

Assigner-Snyk

View Details

Matching Score-4

Assigner-Snyk

CVSS Score-5.5||MEDIUM

EPSS-0.86% / 74.08%

7 Day CHG~0.00%

Published-25 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 19:25

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor-quazip_project quazip

Product-quazip quazip

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1002206

Matching Score-4

Assigner-Snyk

View Details

Matching Score-4

Assigner-Snyk

CVSS Score-5.5||MEDIUM

EPSS-2.50% / 84.74%

7 Day CHG~0.00%

Published-25 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 03:29

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor-sharpcompress_project SharpCompress

Product-sharpcompress SharpCompress

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1002208

Matching Score-4

Assigner-Snyk

View Details

Matching Score-4

Assigner-Snyk

CVSS Score-5.5||MEDIUM

EPSS-2.95% / 85.92%

7 Day CHG~0.00%

Published-25 Jul, 2018 | 17:00

Updated-05 Aug, 2024 | 12:47

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor-sharpziplib_project SharpZipLib

Product-sharpziplib SharpZipLib

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1002200

Matching Score-4

Assigner-Snyk

View Details

Matching Score-4

Assigner-Snyk

CVSS Score-5.5||MEDIUM

EPSS-1.90% / 82.49%

7 Day CHG~0.00%

Published-25 Jul, 2018 | 17:00

Updated-05 Aug, 2024 | 12:47

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Vendor-codehaus-plexus Codehaus Debian GNU/Linux Red Hat, Inc.

Product-debian_linux enterprise_linux_workstation plexus-archiver enterprise_linux enterprise_linux_desktop plexus-archiver

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1000079

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.29% / 52.18%

7 Day CHG~0.00%

Published-13 Mar, 2018 | 15:00

Updated-05 Aug, 2024 | 12:33

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

Vendor-rubygems n/a

Product-rubygems n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-42556

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-1.24% / 78.39%

7 Day CHG~0.00%

Published-22 Oct, 2021 | 18:36

Updated-04 Aug, 2024 | 03:38

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

Vendor-rasa n/a

Product-rasa_x n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-1000801

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-2.28% / 84.01%

7 Day CHG~0.00%

Published-06 Sep, 2018 | 18:00

Updated-05 Aug, 2024 | 12:40

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Vendor-n/a KDE Debian GNU/Linux

Product-debian_linux okular n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-0660

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-3.3||LOW

EPSS-0.21% / 43.87%

7 Day CHG~0.00%

Published-07 Sep, 2018 | 14:00

Updated-05 Aug, 2024 | 03:35

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file.

Vendor-hibara HiBARA Software

Product-attachecase AttacheCase

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2017-8314

Matching Score-4

Assigner-Check Point Software Ltd.

View Details

Matching Score-4

Assigner-Check Point Software Ltd.

CVSS Score-5.5||MEDIUM

EPSS-6.92% / 91.02%

7 Day CHG~0.00%

Published-23 May, 2017 | 21:00

Updated-20 Apr, 2025 | 01:37

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

Vendor-kodi XBMC Foundation Debian GNU/Linux

Product-kodi debian_linux Kodi (XBMC)

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-40964

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-4.30% / 88.42%

7 Day CHG~0.00%

Published-15 Sep, 2021 | 17:12

Updated-04 Aug, 2024 | 02:59

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

Vendor-tinyfilemanager_project n/a

Product-tinyfilemanager n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-24761

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-6.5||MEDIUM

EPSS-0.28% / 51.01%

7 Day CHG~0.00%

Published-01 Feb, 2022 | 12:21

Updated-03 Aug, 2024 | 19:42

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.

Vendor-Unknown BestWebSoft

Product-error_log_viewer Error Log Viewer by BestWebSoft

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2014-0809

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs