1270 matches found

Positive Technologies · added 2024/09/29 12:00 a.m. · 3 views

PT-2024-40586 · Git +1 · Readstat

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read crash has been reported. The crash occurs in the following functions: extract_mr_data, parse_mr_string, and readstat_parse_sa...

AI score 6.9
Exploits: 0 · References: 2
vulnersOsv · added 2024/09/10 6:30 a.m. · 4 views

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more. Source CVEs: CVE-2024-21528. Source advisory: OSV:GHSA-G974-HXVM-X689...

CVSS 5.9 · AI score 6.2 · EPSS 0.00566
Exploits: 0
Packet Storm · added 2024/08/31 12:00 a.m. · 208 views

WordPress W3-Total-Cache 0.9.2.4 Username / Hash Extraction

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3-Total-Cache Plugin 0.9.2.4 or before Username and Hash Extract', 'Description' = "The W3-Total-Cache Wordpress Plugin MSFLICENSE,...

AI score 7.4
Exploits: 0
Packet Storm · added 2024/08/31 12:00 a.m. · 246 views

WordPress Symposium Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...

CVSS 7.5 · AI score 7.4 · EPSS 0.74127
Exploits: 5
CVE · added 2024/08/29 12:00 a.m. · 117 views

CVE-2024-45436

CVE-2024-45436 affects Ollama prior to 0.1.47, where extractFromZipFile in model.go can write ZIP entries outside the parent directory (Zip Slip/path traversal). The linked exploit document confirms a practical path traversal vector in Ollama and notes that exploitation could lead to arbitrary file...

CVSS 9.1 · AI score 6.9 · EPSS 0.02581
Exploits: 2 · References: 2 · Affected Software: 1
Veracode · added 2024/08/27 9:00 a.m. · 7 views

Improper File Path Handling

unzip-stream is vulnerable to Improper File Path Handling. The vulnerability is due to the Extract method allowing malicious zip files to write to unauthorized paths...

AI score 7
Exploits: 0
Positive Technologies · added 2024/08/26 12:00 a.m. · 3 views

PT-2024-40128 · Unknown · Unzip-Stream

Name of the Vulnerable Software and Affected Versions: unzip-stream versions prior to 0.3.2 Description: The issue allows malicious zip files to write to unauthorized paths when using the Extract method of unzip-stream. A researcher from Google, Justin Taft, discovered this issue. Recommendations...

CVSS 8.7 · AI score 7.2
Exploits: 0 · References: 6
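The Ollama (CVE-2024-45436) and unzip-stream entries above describe the same bug class: an extractor joins the destination directory with an archive entry name and writes, so a name such as `../escape.txt` lands outside the destination. The following is an added example, not code from Ollama, unzip-stream or any advisory; it builds a constructed in-memory archive, shows the unchecked write pattern beside a containment check based on `os.path.realpath` and `os.path.commonpath`, and runs both in a scratch directory. The entry names, the `probe-dest` root and the helper names are assumptions for illustration.

```python
import io
import os
import tempfile
import zipfile


def build_sample_zip(entries=None) -> bytes:
    """Constructed sample archive (not taken from any advisory): a benign entry
    plus one whose name climbs out of the extraction directory."""
    if entries is None:
        entries = {"model/ok.txt": "benign", "../escape.txt": "landed outside dest"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)  # ZipInfo keeps '..' and a leading '/' verbatim
    return buf.getvalue()


def resolves_inside(dest: str, name: str) -> bool:
    """True only if dest/name, after resolving '..' and any symlinks, stays
    under dest. os.path.join discards dest when name is absolute, so absolute
    entry names fail this check as well."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return os.path.commonpath([dest_real, target]) == dest_real


def find_traversal_entries(data: bytes) -> list:
    """Entry names that would escape any extraction directory."""
    probe = os.path.join(os.sep, "probe-dest")  # hypothetical root; only relative structure matters
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if not resolves_inside(probe, i.filename)]


def extract_unchecked(data: bytes, dest: str) -> list:
    """The vulnerable pattern: join dest with the entry name and write,
    trusting the archive. Returns the real paths that were written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = os.path.join(dest, info.filename)
            if info.is_dir():
                os.makedirs(path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(path))
    return written


def extract_checked(data: bytes, dest: str) -> list:
    """Hardened variant: validate every entry against the real dest before
    writing anything, and refuse the whole archive on the first escape."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = [i.filename for i in zf.infolist() if not resolves_inside(dest, i.filename)]
    if bad:
        raise ValueError(f"zip slip: entries escape {dest!r}: {bad}")
    return extract_unchecked(data, dest)


def run_demo() -> dict:
    """Run both extractors on the sample inside a scratch directory."""
    data = build_sample_zip()
    outcome = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "dest")
        os.makedirs(dest)
        written = extract_unchecked(data, dest)
        escaped = os.path.join(os.path.realpath(root), "escape.txt")
        outcome["unchecked_wrote_outside_dest"] = escaped in written
        try:
            extract_checked(data, dest)
            outcome["checked_rejected_archive"] = False
        except ValueError:
            outcome["checked_rejected_archive"] = True
    return outcome


if __name__ == "__main__":
    print(run_demo())
```

Checking against the real destination, not a lexical prefix, matters: a plain `startswith` test accepts `dest-evil/x` for a destination named `dest`, and a check done before any symlink inside the archive has been created can be bypassed by an entry that writes a symlink first; production extractors should additionally refuse symlink entries or re-check each path at write time.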
NVD · added 2024/08/22 7:15 p.m. · 11 views

CVE-2024-8088

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVSS 8.7 · EPSS 0.01275
Exploits: 0 · References: 22
AlpineLinux · added 2024/08/22 6:45 p.m. · 25 views

CVE-2024-8088

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVSS 8.7 · AI score 7.5 · EPSS 0.01275
Exploits: 0
BDU FSTEC · added 2024/08/12 12:00 a.m. · 2 views

A vulnerability in the ColladaParser::ExtractDataObjectFromChannel() function of the Open Asset Import Library (Assimp) allows an attacker to obtain unauthorized access to confidential information.

The vulnerability in the ColladaParser::ExtractDataObjectFromChannel function of the Open Asset Import Library (Assimp) is a use-after-free. Exploiting it could allow an attacker to gain unauthorized access to confidential information...

CVSS 10 · AI score 7.6 · EPSS 0.00723
Exploits: 1 · References: 3 · Affected Software: 2
OSSF Malicious Packages · added 2024/07/26 4:53 p.m. · 6 views

Malicious code in oe-extract-ids (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bebbe22a538c4b7b6688bd82facdd749052e801663cf523c8d9c1eb11f81ea57 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits: 0 · References: 1
OSV · added 2024/07/26 4:53 p.m. · 2 views

MAL-2024-12316 Malicious code in oe-extract-ids (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bebbe22a538c4b7b6688bd82facdd749052e801663cf523c8d9c1eb11f81ea57 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits: 0 · References: 1
Cvelist · added 2024/07/19 7:58 p.m. · 16 views

CVE-2024-41122 Custom environment variables allow altering the execution flow of plugins in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline to run malicious workflows: 1. Those workflows can lead to a takeover of the host that runs the agent executing the workflow. 2. Or they can extract the secrets w...

CVSS 7.5 · EPSS 0.00618
Exploits: 0 · References: 5
Veracode · added 2024/07/16 6:32 a.m. · 11 views

Path Traversal

@jmondi/url-to-png is vulnerable to Path Traversal. The vulnerability is due to the lack of proper sanitization or validation of the ImageId input within extractqueryparams.ts, which allows an attacker to store an image in an arbitrary location that the server has permission to access...

CVSS 4.3 · AI score 6.8 · EPSS 0.00523
Exploits: 0 · References: 5 · Affected Software: 1
BDU FSTEC · added 2024/06/28 12:00 a.m. · 3 views

A vulnerability in the ExtractImageSection() function of the LibTIFF library allows an attacker to cause a denial of service.

The vulnerability in the ExtractImageSection function of the LibTIFF library is a buffer copy without checking the size of the input. Exploiting it could allow an attacker to cause a denial of service using a crafted TIFF file...

CVSS 5.5 · AI score 6.6 · EPSS 0.00317
Exploits: 0 · References: 4 · Affected Software: 2
OSV · added 2024/06/27 4:15 p.m. · 1 view

DEBIAN-CVE-2024-28820

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...

CVSS 6.3 · AI score 5.8 · EPSS 0.00421
Exploits: 0 · References: 1
OSSF Malicious Packages · added 2024/06/25 1:25 p.m. · 3 views

Malicious code in Be.Vlaandеren.Basisregisters.PostalRegistry.Apі.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSSF Malicious Packages · added 2024/06/25 1:25 p.m. · 2 views

Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSSF Malicious Packages · added 2024/06/25 1:25 p.m. · 2 views

Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Apі.Eхtract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV · added 2024/06/25 1:25 p.m. · 5 views

MAL-2024-4213 Malicious code in Be.Vlaaոderen.Basisregisters.BuildingRеgistry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
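The four NuGet package IDs above only look like `Be.Vlaanderen.Basisregisters.*.Extract`: some of their letters are non-Latin lookalikes (the visible "е", "і", "х" and "ո"), a homoglyph typosquat that survives a visual review of a dependency list. The following is an added example, not the OSSF or OSV tooling and not code from the affected registry; it reconstructs the listed names from assumed code points (Cyrillic U+0435, U+0456, U+0445 and Armenian U+0578 standing in for Latin e, i, x and n, inferred from the rendered glyphs), then flags mixed-script IDs and IDs that collapse onto a known-good ID once those confusables are mapped back. The `LEGITIMATE` target name and the small `CONFUSABLES` table are assumptions for illustration.

```python
import unicodedata

# Constructed approximations of the three NuGet names in the listing above.
# The code points are assumed from the rendered glyphs.
SUSPECT_NAMES = [
    "Be.Vlaand\u0435ren.Basisregisters.PostalRegistry.Ap\u0456.Extract",
    "Be.Vlaa\u0578deren.Basisregisters.BuildingR\u0435gistry.Api.Extract",
    "Be.Vlaa\u0578deren.Basisregisters.BuildingR\u0435gistry.Ap\u0456.E\u0445tract",
]
# Assumed genuine package ID that the second and third names imitate.
LEGITIMATE = "Be.Vlaanderen.Basisregisters.BuildingRegistry.Api.Extract"

# Hand-built subset of Unicode confusables, enough for these samples;
# a real audit would load the full Unicode confusables.txt table.
CONFUSABLES = {"\u0435": "e", "\u0456": "i", "\u0445": "x", "\u0578": "n"}


def non_ascii_chars(name: str) -> list:
    """Every character outside ASCII, with its position and Unicode name."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name) if ord(ch) > 0x7F]


def scripts_in(name: str) -> set:
    """Scripts of the letters in the identifier, taken from the first word
    of each letter's Unicode name (LATIN, CYRILLIC, ARMENIAN, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def skeleton(name: str) -> str:
    """Collapse known confusables onto their Latin lookalikes so a spoofed
    ID becomes equal to the ID it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name)


def audit(names: list, known_good: set) -> list:
    """Flag IDs that mix scripts, and IDs whose skeleton equals a known-good
    ID while the ID itself is not that known-good ID."""
    findings = []
    for name in names:
        mixed = len(scripts_in(name)) > 1
        lookalike = name not in known_good and skeleton(name) in known_good
        if mixed or lookalike:
            findings.append({
                "name": name,
                "mixed_script": mixed,
                "imitates": skeleton(name) if lookalike else None,
                "suspicious_chars": non_ascii_chars(name),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SUSPECT_NAMES + [LEGITIMATE], {LEGITIMATE}):
        print(finding["name"], finding["mixed_script"], finding["imitates"])
        for pos, ch, uname in finding["suspicious_chars"]:
            print(f"  offset {pos}: U+{ord(ch):04X} {uname}")
```

The mixed-script rule catches all three names on its own; the skeleton comparison adds the information an incident responder wants, namely which real package the typosquat was built to impersonate, which only works for the two names whose skeleton is in the known-good set.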