158 matches found
Gnome gnome-autoar 后置链接漏洞
Gnome gnome-autoar is a component of the Gnome community that provides widgets and gschemas functionality for GNOME applications. A backward linking vulnerability exists in GNOME gnome-autoar before 0.3.1 that allows traversing directories during extraction because, in some complex cases, it does...
USN-4830-1 okular vulnerability
It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem...
MGASA-2021-0111 Updated gnome-autoar packages fix security vulnerability
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution CVE-2020-36241...
Gnome gnome-autoar backlink vulnerability
Gnome gnome-autoar is a component of the Gnome community that provides widget and gschemas functionality to GNOME applications. A backlink vulnerability exists in GNOME gnome-autoar through 0.2.4 that allows traversing directories during extraction...
PT-2021-5613 · Gnome +8 · File Roller +8
Name of the Vulnerable Software and Affected Versions: File Roller versions through 3.38.0 Description: The issue is related to a directory traversal vulnerability during extraction, caused by the lack of a check for whether a file's parent is a symlink in certain complex situations. This...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/u-root/u-root/pkg/cpio is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...
FreeBSD : ark -- extraction outside of extraction directory (38fdf07b-e8ec-11ea-8bbe-e0d55e2a8bf9)
Albert Astals Cid reports : Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...
Directory Traversal on ZIP extraction
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal...
USN-4139-1 file-roller vulnerability
It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction...
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...
The vulnerability of the WinRAR file archiver lies in the fact that it writes beyond the buffer boundaries during file extraction, allowing an attacker to execute arbitrary code.
The vulnerability of the unacev2.dll file archiver in WinRAR is related to writing beyond the buffer boundaries in memory during file extraction. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted ACE or RAR archive...
DEBIAN-CVE-2018-1000888
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
A directory and symbolic link traversal flaw was found in the way rubyzip gem extracts zip files. An attacker, with access to a privileged application capable of extracting zip files, could use this flaw to write new files to arbitrary paths, accessible by the aforementioned privileged applicatio...
CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014...
[SECURITY] [DSA 4300-1] libarchive-zip-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4300-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2018 https://www.debian.org/security/faq -...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...
UBUNTU-CVE-2018-1002208
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002202
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002208
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
PT-2018-9627 · Mholt · Archiver
Name of the Vulnerable Software and Affected Versions: mholt/archiver versions before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 Description: The issue allows attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction, also known as...