Unrated severityNVD Advisory· Published May 22, 2006· Updated Apr 16, 2026
CVE-2006-2520
CVE-2006-2520
Description
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive.
Affected products
9cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:bitberry_software:bitzipper:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:bitberry_software:bitzipper:4.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- hamid.ir/security/bitzipper.txtnvdExploitVendor Advisory
- secunia.com/advisories/20207nvdVendor Advisory
- securitytracker.com/idnvd
- www.osvdb.org/25693nvd
- www.securityfocus.com/archive/1/434713/100/0/threadednvd
- www.securityfocus.com/bid/18065nvd
- www.vupen.com/english/advisories/2006/1907nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26626nvd
News mentions
0No linked articles in our index yet.