MidnightBSD

Advisories for ponsoftware

CVE-2010-2434 HIGH

Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
ponsoftware explzh *
CVE-2010-3159 MEDIUM

Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
ponsoftware explzh *
CVE-2010-3160 MEDIUM

Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ponsoftware archive_decoder 1.11
ponsoftware archive_decoder 1.12
ponsoftware archive_decoder 1.13
ponsoftware archive_decoder 1.03
ponsoftware archive_decoder 1.05
ponsoftware archive_decoder 1.07
ponsoftware archive_decoder 1.09
ponsoftware archive_decoder 1.01
ponsoftware archive_decoder 1.08
ponsoftware archive_decoder 1.02
ponsoftware archive_decoder 1.00
ponsoftware archive_decoder 1.06
ponsoftware archive_decoder 1.21
ponsoftware archive_decoder *
ponsoftware archive_decoder 1.22
ponsoftware archive_decoder 1.04
ponsoftware archive_decoder 1.20
CVE-2018-0646 MEDIUM

Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
ponsoftware explzh *