EUVD-2016-5300

Malware in sbrugna...

EUVD-2016-9528

Malware in sbrugna...

EUVD-2016-3419

Malware in sbrugna...

EUVD-2019-1738

Malware in sbrugna...

K000148255: libarchive vulnerabilities CVE-2019-1000020 and CVE-2019-1000019

Security Advisory Description CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in ISO9660 parser, archivereadsupportformatiso9660.c,...

F5 Networks BIG-IP : libarchive vulnerabilities (K000148255)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the K000148255 advisory. CVE-2019-1000020libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0...

7-Zip Multiple Vulnerabilities - Windows

7zip is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:7-zip:7-zip"; ifdescription...

FreeBSD : p7zip -- usage of uninitialized memory (942fff11-5ac4-11ec-89ea-c85b76ce9b5a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 942fff11-5ac4-11ec-89ea-c85b76ce9b5a advisory. - Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of...

Out-Of-Bounds Write

7zip is vulnerable to Out-Of-Bounds Write. The vulnerability exists due to the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer, allowing an attacker to leverage this vulnerability to execute code in the context of the current proces...

Arbitrary Code Execution

7zip is vulnerable to Arbitrary Code Execution. This vulnerability exists due to a flaw in the way 7-Zip parses 7Z files. A remote attacker can exploit this vulnerability by tricking the victim to open a specially crafted archive, which could lead to arbitrary code execution on the victim's syste...

K52697522: libarchive vulnerability CVE-2016-8689

Security Advisory Description The readHeader function in archivereadsupportformat7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service out-of-bounds read via multiple EmptyStream attributes in a header in a 7zip archive. CVE-2016-8689 Impact For BIG-IP and VIPRION...

MGASA-2022-0142 Updated libarchive packages fix security vulnerability

7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in readchildren. RARv4 redaer: fix multiple issues in RARv4 filter code introduced in libarchive 3.6.0: - fix heap use after free in archivereadformatrarreaddata;...

Updated libarchive packages fix security vulnerability

7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in readchildren. RARv4 redaer: fix multiple issues in RARv4 filter code introduced in libarchive 3.6.0: - fix heap use after free in archivereadformatrarreaddata;...

[slackware-security] libarchive

New libarchive packages are available for Slackware 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.6.1-i586-1slack15.0.txz: Upgraded. This is a bugfix and security release. Security fixes: 7zip reader: f...

Mageia: Security Advisory (MGASA-2019-0074)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics

A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...

Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform

An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light...

Revisiting the NSIS-based crypter

This blog post was authored by hasherezade NSIS Nullsoft Scriptable Install System is a framework dedicated to creating software installers. It allows to bundle various elements of an application together i.e. the main executable, used DLLs, configs, along with a script that controls where are th...

IPFire 2.25 - Remote Code Execution (Authenticated) Exploit

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 156 Tested on: parr...

SUSE: Security Advisory (SUSE-SU-2016:1593-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...