MidnightBSD

Advisories for powerarchiver

CVE-2005-3061 HIGH

Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor         Product             Version
powerarchiver  powerarchiver_2002  8.10
powerarchiver  powerarchiver_2006  9.5_beta_4
powerarchiver  powerarchiver_2003  8.60
powerarchiver  powerarchiver_2006  9.5_beta_5
powerarchiver  powerarchiver_2004  9.25

CVE-2014-2319 MEDIUM

The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor         Product        Version
powerarchiver  powerarchiver  14.01
powerarchiver  powerarchiver  14.02
powerarchiver  powerarchiver  14.00
powerarchiver  powerarchiver  *

CVE-2021-28684 MEDIUM

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  4.3    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N  2.8             1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor         Product        Version
powerarchiver  powerarchiver  *