VYPR
Unrated severityNVD Advisory· Published May 22, 2006· Updated Jun 16, 2026

CVE-2006-2520

CVE-2006-2520

Description

Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bitberry_software:bitzipper:4.1.2:*:*:*:*:*:*:*
    • (no CPE)range: <=4.1.2 SR-1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.