VYPR

Lhaz

by Lhaz

CVEs (7)

  • CVE-2017-2249HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2248HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2247HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2246HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2026-41530LowMay 12, 2026
    risk 0.21cvss 3.3epss 0.00

    The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a…

  • CVE-2007-4428Aug 20, 2007
    risk 0.00cvss epss 0.03

    Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116.

  • CVE-2006-4116Aug 14, 2006
    risk 0.00cvss epss 0.03

    Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an…