28 matches found
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
CVE-2019-12807
Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of a crafted ISO archive file. By persuading a victim to open a specially crafted ISO archive file, an attacker could execute arbitrary code...
EUVD-2008-0917
Malware in sbrugna...
EUVD-2006-0930
Malware in sbrugna...
EUVD-2007-4118
Malware in sbrugna...
EUVD-2018-16981
Malware in sbrugna...
EUVD-2016-5342
Malware in sbrugna...
EUVD-2010-2332
Malware in sbrugna...
EUVD-2017-11341
Malware in sbrugna...
EUVD-2019-11339
Malware in sbrugna...
EUVD-2022-5534
Malicious code in bioql PyPI...
EUVD-2022-3141
Malicious code in bioql PyPI...
EUVD-2022-5856
Malicious code in bioql PyPI...
EUVD-2022-3679
Malicious code in bioql PyPI...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is c...
USN-7656-1: Erlang vulnerabilities
It was discovered that Erlang OTP’s SSH module incorrectly enforced strict KEX handshake hardening measures. A remote attacker able to intercept communications could possibly use this issue to insert optional messages into connections during the handshake. CVE-2025-46712 It was discovered that...
CVE-2025-42992 Multiple Privilege Escalation Vulnerabilities in SAPCAR
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on...
A vulnerability in the MOTW mechanism of the WinRAR file archiver allows an attacker to execute arbitrary code.
The vulnerability in the Mark of the Web (MOTW) mechanism of the WinRAR file archiver stems from the lack of a user-interface warning about unsafe actions when processing symbolic links that point to executable files. Exploiting this vulnerability allows a malicious actor to...
CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
CVE-2025-1936
CVE-2025-1936 is a Firefox/Thunderbird vulnerability where jar: URLs used to retrieve local ZIP contents could misclassify content due to a null-termination issue in the archive, potentially enabling disguised code in a web extension. Affected: Firefox before 136, Firefox ESR before 128.8, Thunde...