Lucene search
K

256 matches found

OSV
OSV
added 2016/08/02 11:41 a.m.13 views

SUSE-SU-2016:1939-1 Security update for bsdtar

bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser bsc985669. - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives bsc984990. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. -...

7.5CVSS7AI score0.11992EPSS
Exploits2References15
CNVD
CNVD
added 2015/04/09 12:0 a.m.2 views

Open-source ARJ archiver directory traversal vulnerability (CNVD-2015-02287)

Open-source ARJ archiver is an ARJ archive processing tool. Open-source ARJ archiver fails to properly remove slash notation from paths, allowing attackers to perform absolute path traversal attacks and write arbitrary files via specially crafted ARJ archives...

5.8CVSS7.1AI score0.03367EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2015/03/26 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-2549-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS8.1AI score0.0489EPSS
Exploits1References2
OSV
OSV
added 2015/03/25 2:36 p.m.3 views

USN-2549-1 libarchive vulnerabilities

It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...

6.4CVSS7AI score0.0489EPSS
Exploits1References3
Mageia
Mageia
added 2015/03/12 3:30 p.m.14 views

Updated libarchive packages fix security vulnerability

Updated libarchive packages fix security vulnerability: Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths...

2.7AI score
Exploits0References3
FreeBSD
FreeBSD
added 2015/02/18 12:0 a.m.27 views

cabextract -- directory traversal with UTF-8 symbols in filenames

Cabextract ChangeLog reports: It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes...

5.3CVSS5.7AI score0.02308EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2015/01/18 12:0 a.m.23 views

ha -- Directory traversals

Alexander Cherepanov reports: Version 0.999b and older of ha archiver is susceptible to directory traversal vulnerabilities via absolute and relative paths...

7.5CVSS7.6AI score0.03323EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.25 views

openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)

perl-Module-Signature was updated to 0.73, fixing bugs and security issues : Security fix for code execution in signature checking : - fix for bnc828010 CVE-2013-2145 - Properly redo the previous fix using File::Spec-filenameisabsolute. - Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013 - Only allo...

4.4CVSS6AI score0.00557EPSS
Exploits1References3
myhack58
myhack58
added 2011/09/01 12:0 a.m.31 views

Discuz 1.5 with NGINX secondary analytical proof path BUG-vulnerability warning-the black bar safety net

Author: Sunny small cast Test environment: discuz X1. 5+nginx 1.0 漏洞 文件 source/function/functioncore.php that code: $G'setting''domain''app''default' && $content = pregreplace"/a href="^"+"/e", "rewriteoutput'sitedefault', 0, '".$ G'setting''domain''app''default'.$ port.$ G'siteroot'."',...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/07/01 6:43 p.m.6 views

perl-Archive-Tar directory traversal flaws

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

6.8CVSS7.5AI score0.04322EPSS
Exploits1References4
OSV
OSV
added 2007/11/02 4:46 p.m.2 views

DEBIAN-CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

6.8CVSS7.1AI score0.04322EPSS
Exploits1References1
NVD
NVD
added 2006/02/21 11:2 p.m.12 views

CVE-2006-0824

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...

7.5CVSS7.9AI score0.03062EPSS
Exploits0References7
Prion
Prion
added 2006/02/21 11:2 p.m.15 views

Code injection

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...

7.5CVSS8.5AI score0.03062EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/02/21 11:0 p.m.14 views

CVE-2006-0824

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...

7.9AI score0.03062EPSS
Exploits0References7
OSV
OSV
added 2002/12/18 5:0 a.m.3 views

DEBIAN-CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing 1 /absolute/path or 2 .. dot dot sequences...

5CVSS7AI score0.04249EPSS
Exploits0References1
exploitpack
exploitpack
added 2002/11/08 12:0 a.m.17 views

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...

0.1AI score
Exploits0
Rows per page
Query Builder