
1271 matches found

VulnCheck KEV
added 2023/11/13 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.8 CVSS · 7.4 AI score · 0.09519 EPSS
Exploits 2 · References 1
RedHat Linux
added 2023/11/08 8:20 a.m. · 3 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8 CVSS · 6.7 AI score · 0.27095 EPSS
Exploits 3 · References 4
OSV
added 2023/11/08 1:58 a.m. · 11 views

MAL-2023-8481 Malicious code in extract-react-types-mono-repo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97291f1a69bcf0454ce9436e0b9962597636b4422b1a88ff5272fdd93d91c165 The OpenSSF Package Analysis project identified 'extract-react-types-mono-repo' @ 0.0.2 npm as malicious. It is considered malicious because: -...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2023/11/08 1:58 a.m. · 3 views

Malicious code in extract-react-types-mono-repo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97291f1a69bcf0454ce9436e0b9962597636b4422b1a88ff5272fdd93d91c165 The OpenSSF Package Analysis project identified 'extract-react-types-mono-repo' @ 0.0.2 npm as malicious. It is considered malicious because: -...

6.9 AI score
Exploits 0
RedHat Linux
added 2023/11/07 8:59 a.m. · 18 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8 CVSS · 6.7 AI score · 0.27095 EPSS
Exploits 3 · References 4
RedHat Linux
added 2023/11/07 8:43 a.m. · 6 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8 CVSS · 6.7 AI score · 0.27095 EPSS
Exploits 3 · References 4
ATTACKERKB
added 2023/11/02 12:15 p.m. · 6 views

CVE-2023-3164

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...

7.1 CVSS · 5.7 AI score · 0.00424 EPSS
Exploits 1 · References 6
Kitploit
added 2023/10/30 11:30 a.m. · 49 views

Teams_Dump - PoC For Dumping And Decrypting Cookies In The Latest Version Of Microsoft Teams

PoC for dumping and decrypting cookies in the latest version of Microsoft Teams. extract.py just dumps without arguments; extract.exe is just extract.py packed into an exe. List values in the database: python.exe .\teamsdump.py teams --list Table: meta Columns in meta: key, value...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/10/27 12:0 a.m. · 5 views

PT-2023-32349 · WordPress · The News & Blog Designer Pack

Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1. Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp_get_more_post function utilizing an unsafe...

9.8 CVSS · 9.9 AI score · 0.04262 EPSS
Exploits 0 · References 11
SUSE CVE
added 2023/10/17 12:59 a.m. · 3 views

SUSE CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page...

6.3 CVSS · 7.1 AI score · 0.00448 EPSS
Exploits 1 · References 3
OSV
added 2023/10/16 3:15 a.m. · 2 views

DEBIAN-CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page...

6.3 CVSS · 6.2 AI score · 0.00448 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/10/16 3:15 a.m. · 2 views

CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page...

6.3 CVSS · 6.6 AI score · 0.00448 EPSS
Exploits 1 · References 7
SUSE CVE
added 2023/10/14 1:13 a.m. · 2 views

SUSE CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

7.7 CVSS · 7.2 AI score · 0.0086 EPSS
Exploits 1 · References 4
OSV
added 2023/10/13 2:15 a.m. · 0 views

DEBIAN-CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

7.7 CVSS · 7.3 AI score · 0.0086 EPSS
Exploits 1 · References 1
OSV
added 2023/10/13 2:15 a.m. · 0 views

UBUNTU-CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

7.7 CVSS · 7.1 AI score · 0.1644 EPSS
Exploits 2 · References 6
Cvelist
added 2023/10/13 1:41 a.m. · 18 views

CVE-2023-5557 Tracker-miners: sandbox escape

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

7.5 CVSS · 7.8 AI score · 0.0086 EPSS
Exploits 1 · References 10
RedhatCVE
added 2023/10/12 2:43 p.m. · 32 views

CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...

7.5 CVSS · 7.3 AI score · 0.0086 EPSS
Exploits 1 · References 3
RedHat Linux
added 2023/09/26 9:25 a.m. · 3 views

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

6.8 CVSS · 7.3 AI score · 0.00439 EPSS
Exploits 1 · References 4
RedHat Linux
added 2023/09/26 9:25 a.m. · 5 views

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

6.8 CVSS · 7.3 AI score · 0.00439 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/09/26 12:0 a.m. · 4 views

PT-2023-7470 · Gnome +8 · Tracker-Miners +8

Name of the Vulnerable Software and Affected Versions: tracker-miners, affected versions not specified. Description: A flaw was found in the tracker-miners package, which is part of the GNOME operating system for Linux. The issue is related to a weakness in the sandbox mechanism that allows a...

8.8 CVSS · 6.8 AI score · 0.1644 EPSS
Exploits 2 · References 51