{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-24T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0732", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0732"}, {"name": "23463", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23463"}, {"name": "16806", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16806"}, {"name": "20060224 StuffIt and ZipMagic Family of products Directory traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425972/100/0/threaded"}, {"name": "stuffit-zipmagic-archive-directory-traversal(24886)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24886"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hamid.ir/security/stuffit.txt"}, {"name": "19010", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0732"}, {"name": "23463", "refsource": "OSVDB", "url": "http://www.osvdb.org/23463"}, {"name": "16806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16806"}, {"name": "20060224 StuffIt and ZipMagic Family of products Directory traversal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425972/100/0/threaded"}, {"name": "stuffit-zipmagic-archive-directory-traversal(24886)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24886"}, {"name": "http://www.hamid.ir/security/stuffit.txt", "refsource": "MISC", "url": "http://www.hamid.ir/security/stuffit.txt"}, {"name": "19010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:13.946Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-0732", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0732"}, {"name": "23463", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23463"}, {"name": "16806", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16806"}, {"name": "20060224 StuffIt and ZipMagic Family of products Directory traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/425972/100/0/threaded"}, {"name": "stuffit-zipmagic-archive-directory-traversal(24886)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24886"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hamid.ir/security/stuffit.txt"}, {"name": "19010", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19010"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0926", "datePublished": "2006-02-28T11:00:00.000Z", "dateReserved": "2006-02-28T00:00:00.000Z", "dateUpdated": "2024-08-07T16:56:13.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smithmicro:stuffit_deluxe:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFCBEE5A-6227-42BB-BA7B-4EEC4D259050", "vulnerable": true}, {"criteria": "cpe:2.3:a:smithmicro:stuffit_expander:9.0.0.21_engine_9.0.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "B3318D3A-DF5D-4EA2-8190-F88083796245", "vulnerable": true}, {"criteria": "cpe:2.3:a:smithmicro:stuffit_standard:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FE5B10E-FE90-4502-8DF6-AC5DBF10BBAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:smithmicro:zipmagic_deluxe:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3669E791-1022-491B-A831-D49ED84D32D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."}], "id": "CVE-2006-0926", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-02-28T11:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19010"}, {"source": "cve@mitre.org", "url": "http://www.hamid.ir/security/stuffit.txt"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23463"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425972/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16806"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0732"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24886"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hamid.ir/security/stuffit.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425972/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24886"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}