CVE-2006-2520

Name of the Vulnerable Software and Affected Versions BitZipper versions 4.1.2 SR-1 and earlier

Description A directory traversal issue allows remote attackers to create files in arbitrary directories by including a .. (dot dot) in the filename of a file stored in various archive types, including RAR (.rar), TAR (.tar), ZIP (.zip), GZ (.gz), and JAR (.jar) archives.

Recommendations For BitZipper versions 4.1.2 SR-1 and earlier, consider updating to a newer version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.