Lucene search
K

211 matches found

BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.6 views

The vulnerability of the unacev2.dll library of the WinRAR file compressor allows attackers to deploy malicious files outside the extraction directory.

The vulnerability of the unacev2.dll file archiver in WinRAR is related to insufficient checking of the file name field during extraction. Exploiting this vulnerability allows a remote attacker to place malicious files outside the extraction directory, using a specially crafted ACE archive...

7.8CVSS6.2AI score0.31528EPSS
Exploits1References5
Veracode
Veracode
added 2018/07/09 2:13 a.m.24 views

Arbitrary File Writing

SharpZipLib is vulnerable to arbitrary file write aka zip slip vulnerability. It fails to check on the file path during extraction, allowing arbitrary files to be written outside of extraction directory...

5.5CVSS5.6AI score0.08926EPSS
Exploits1References3Affected Software10
Prion
Prion
added 2018/05/15 8:29 p.m.19 views

Path traversal

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4CVSS4.6AI score0.01446EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/15 8:29 p.m.23 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS5AI score0.01446EPSS
Exploits0References2
NVD
NVD
added 2018/05/11 8:29 p.m.17 views

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

4.7CVSS4.7AI score0.01288EPSS
Exploits0References2
OSV
OSV
added 2018/05/11 8:29 p.m.27 views

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

4.7CVSS5.2AI score0.01288EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/03/01 7:0 p.m.63 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS7.3AI score0.01744EPSS
Exploits0
OSV
OSV
added 2016/09/08 9:35 p.m.1 views

USN-3074-1 file-roller vulnerability

It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory...

7.5CVSS6.8AI score0.03328EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2013/08/01 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-1906-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.04307EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2012/08/07 9:55 p.m.19 views

CVE-2012-3386

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

4.4CVSS7.3AI score0.00474EPSS
Exploits1References1
Prion
Prion
added 2012/08/07 9:55 p.m.15 views

Race condition

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

4.4CVSS7.5AI score0.00474EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder