256 matches found
SUSE-SU-2016:1939-1 Security update for bsdtar
bsdtar was updated to fix seven security issues. These security issues were fixed: - CVE-2015-8929: Memory leak in tar parser bsc985669. - CVE-2016-4809: Memory allocate error with symbolic links in cpio archives bsc984990. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. -...
Open-source ARJ archiver directory traversal vulnerability (CNVD-2015-02287)
Open-source ARJ archiver is an ARJ archive processing tool. Open-source ARJ archiver fails to properly remove slash notation from paths, allowing attackers to perform absolute path traversal attacks and write arbitrary files via specially crafted ARJ archives...
Ubuntu: Security Advisory (USN-2549-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2549-1 libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...
Updated libarchive packages fix security vulnerability
Updated libarchive packages fix security vulnerability: Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths...
cabextract -- directory traversal with UTF-8 symbols in filenames
Cabextract ChangeLog reports: It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes...
ha -- Directory traversals
Alexander Cherepanov reports: Version 0.999b and older of ha archiver is susceptible to directory traversal vulnerabilities via absolute and relative paths...
openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)
perl-Module-Signature was updated to 0.73, fixing bugs and security issues : Security fix for code execution in signature checking : - fix for bnc828010 CVE-2013-2145 - Properly redo the previous fix using File::Spec-filenameisabsolute. - Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013 - Only allo...
Discuz 1.5 with NGINX secondary analytical proof path BUG-vulnerability warning-the black bar safety net
Author: Sunny small cast Test environment: discuz X1. 5+nginx 1.0 漏洞 文件 source/function/functioncore.php that code: $G'setting''domain''app''default' && $content = pregreplace"/a href="^"+"/e", "rewriteoutput'sitedefault', 0, '".$ G'setting''domain''app''default'.$ port.$ G'siteroot'."',...
perl-Archive-Tar directory traversal flaws
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...
DEBIAN-CVE-2007-4829
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...
CVE-2006-0824
Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...
Code injection
Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...
CVE-2006-0824
Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via 1 absolute paths in unspecified parameters and 2 the language cookie, as demonstrated for code...
DEBIAN-CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing 1 /absolute/path or 2 .. dot dot sequences...
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...