Lhaz
Monthly
Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Path traversal vulnerability in Lhaz and Lhaz+ archive extraction allows local users to write files to unintended directories when the automatic folder creation feature is enabled and a crafted archive is extracted. The vulnerability requires user interaction (extracting a malicious archive) and affects only the integrity of file placement, not confidentiality or availability. CVSS score is 3.3 (low); no public exploit code or active exploitation has been identified.
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.