
2899 matches found

CNNVD
added 2023/08/07 12:0 a.m. · 3 views

UnRAR Backlink Vulnerability

UnRAR is a command that decompresses files with rar extension. A security vulnerability exists in UnRAR versions prior to 6.2.3. An attacker exploited the vulnerability to extract files outside the target folder via symbolic links...

7.5 CVSS · 6.8 AI score · 0.00722 EPSS
Exploits 0 · References 5

Huntr
added 2023/05/26 3:7 a.m. · 25 views

SQL injection in some Admin Sort functions

Description: SQL injection due to unsanitized concatenating strings into ORDER BY clause, 'sort' parameter. Proof of Concept: Log in as an admin, go to Admin Translations or Application Logger functions, and perform a sort action. Observe the request on Burp Suite and injection point is the 'sort'...

5.8 CVSS · 7.2 AI score · 0.00738 EPSS
Exploits 1

The Hacker News
added 2023/04/24 6:36 a.m. · 3 views

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...

6.7 AI score
Exploits 0

OSV
added 2023/03/24 8:15 p.m. · 1 view

CVE-2022-20532

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

9.8 CVSS · 6 AI score · 0.00489 EPSS
Exploits 0 · References 1

CNNVD
added 2023/03/23 12:0 a.m. · 3 views

Number withdrawn

XpdfReader is an open source, free PDF viewer and toolkit, including a text extractor, image converter, HTML converter and so on. This CVE number has been withdrawn...

7.1 AI score
Exploits 0 · References 6

Veracode
added 2023/03/13 1:2 a.m. · 24 views

Path Traversal

binwalk is vulnerable to Path Traversal. By crafting a malicious PFS file, an attacker is able to get the PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode which may result in remote code executions...

7.8 CVSS · 7.6 AI score · 0.2171 EPSS
Exploits 8 · References 3 · Affected Software 1

CNNVD
added 2023/02/17 12:0 a.m. · 3 views

OpenKM code issue vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM version v6.3.10, which originated from a vulnerability that allows an attacker to obtain sensitive informati...

7.5 CVSS · 7.3 AI score · 0.00704 EPSS
Exploits 0 · References 4

CNNVD
added 2023/02/17 12:0 a.m. · 2 views

PeaZip security vulnerability

PeaZip is a free Zip software and Rar extractor from the individual developer Giorgio Tani. A security vulnerability exists in Giorgio Tani peazip version v.9.0.0, which originates from a denial of service that allows an attacker to cause a denial of service via the end-of-archive marking feature...

5.5 CVSS · 5.7 AI score · 0.00311 EPSS
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 5:14 a.m. · 2 views

SUSE CVE-2015-7213

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow...

6.8 CVSS · 8.2 AI score · 0.04075 EPSS
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 4:46 a.m. · 2 views

SUSE CVE-2017-7994

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document...

6.5 CVSS · 9 AI score · 0.02604 EPSS
Exploits 1 · References 5

Huntr
added 2023/02/14 7:53 p.m. · 17 views

XSS Stored in the email address

Description: Hello, I have located an XSS stored by performing the following steps: 1 - Go to tools; 2 - GDPR Data Extractor; 3 - Insert the payload into the email address; 4 - Click on send emails. Proof of Concept...

4.9 CVSS · 5.5 AI score · 0.00403 EPSS
Exploits 1

OSSF Malicious Packages
added 2023/02/12 8:51 p.m. · 3 views

Malicious code in wf-extract-text-in-image2 (npm)

Source: ghsa-malware (3cd6fc1170a3ada1d746fc52e031d5c161e68ecaccf1383924617a33f88f75a1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

OSV
added 2023/01/31 10:15 a.m. · 1 view

CVE-2023-0593

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication...

5.5 CVSS · 5.7 AI score · 0.00354 EPSS
Exploits 1 · References 2

Prion
added 2023/01/31 10:15 a.m. · 13 views

Path traversal

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1...

1.9 CVSS · 5.6 AI score · 0.00361 EPSS
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/01/31 10:15 a.m. · 22 views

Path traversal

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication...

1.9 CVSS · 5.5 AI score · 0.00354 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/01/31 9:31 a.m. · 22 views

CVE-2023-0593 Path traversal in yaffshiv

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication...

5.5 CVSS · 5.8 AI score · 0.00354 EPSS
Exploits 1 · References 2

CVE
added 2023/01/31 9:25 a.m. · 57 views

CVE-2023-0592

The CVE-2023-0592 entry affects the jefferson JFFS2 filesystem extractor. A path traversal vulnerability allows crafting malicious JFFS2 files to cause writes outside the extraction directory. Affected versions are prior to 0.4.1. Mitigation: update to 0.4.1 or later; as a temporary workaround, r...

5.5 CVSS · 5.5 AI score · 0.00361 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/01/31 12:0 a.m. · 3 views

PT-2023-16389 · Jefferson · Jefferson

Name of the Vulnerable Software and Affected Versions: jefferson versions prior to 0.4.1 Description: A path traversal issue affects jefferson's JFFS2 filesystem extractor. Attackers can craft malicious JFFS2 files to force jefferson to write outside of the extraction directory. Recommendations:...

5.5 CVSS · 5.5 AI score · 0.00361 EPSS
Exploits 1 · References 6

OSV
added 2023/01/26 9:18 p.m. · 1 view

UBUNTU-CVE-2022-4510

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remot...

7.8 CVSS · 6.3 AI score · 0.2171 EPSS
Exploits 8 · References 4

Positive Technologies
added 2023/01/10 12:0 a.m. · 2 views

PT-2023-18761 · Pandora · Pandora

Name of the Vulnerable Software and Affected Versions: Pandora aka pandora-analysis/pandora version 1.3.0 Description: The issue allows a denial of service when an attacker submits a deeply nested ZIP archive, also known as a ZIP bomb. This can be exploited through the workers/extractor.py...

6.5 CVSS · 6.7 AI score · 0.00617 EPSS
Exploits 0 · References 8