Ark Security Vulnerabilities

CVE-2021-4227

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment...

CVSS 5.3 | AI Score 7.1 | EPSS 0.0005 | 2024-01-16 04:15 PM

CVE-2021-26635

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code...

CVSS 7.8 | AI Score 8 | EPSS 0.002 | 2022-06-02 02:15 PM

CVE-2021-26615

The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer...

CVSS 8.8 | AI Score 8.9 | EPSS 0.002 | 2021-11-26 05:15 PM

CVE-2021-26603

A heap overflow issue was found in the ARK library of Bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length...

CVSS 7.8 | AI Score 7.7 | EPSS 0.001 | 2021-09-09 12:15 PM

CVE-2021-38194

An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless...

CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | 2021-08-08 06:15 AM

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home...

CVSS 3.3 | AI Score 3.6 | EPSS 0.002 | 2020-09-02 05:15 PM

CVE-2020-16116

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory...

CVSS 3.3 | AI Score 3.6 | EPSS 0.001 | 2020-08-03 08:15 PM

CVE-2017-5330

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated...

CVSS 7.8 | AI Score 7.8 | EPSS 0.016 | 2017-03-27 03:59 PM

CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip...

AI Score 6.5 | EPSS 0.009 | 2014-02-04 11:55 PM

CVE-2007-5216

Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already...

AI Score 7.8 | EPSS 0.006 | 2007-10-04 11:17 PM

CVE-2006-6086

PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path...

AI Score 7.7 | EPSS 0.088 | 2006-11-24 06:07 PM