Description
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Oct/351
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html
Exploit x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=725764
Issue Tracking x_refsource_misc
https://bugzilla.novell.com/show_bug.cgi?id=708268
Exploit x_refsource_misc
http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1276-1
Scores
EPSS
0.0038
EPSS Percentile
59.7%
Details
CWE
CWE-22
Status
published
Products (11)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
kde/ark
< 2.17
kde/kde_sc
4.7.0
kde/kde_sc
4.7.1
kde/kde_sc
4.7.2
kde/kde_sc
4.7.3
kde/kde_sc
< 4.7.4
... and 1 more
Published
Feb 04, 2014
Tracked Since
Feb 18, 2026