CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering...

Limesurvey Unauthenticated File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework for extracting files require 'zip' class MetasploitModule 'Limesurvey Unauthenticated File Download', 'Description' = %q This module exploits an unauthenticated file...

EulerOS Virtualization 2.11.0 : less (EulerOS-SA-2024-2180)

According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename....

Zip Slip

mobsf is vulnerable to Zip Slip. The vulnerability is caused due to a missing validation while extracting .a extension files. This allows an attacker to extract files to any desired location within the server running MobS...

Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

GHSA-4HH3-VJ32-GR6J Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

SUSE-SU-2024:2961-1 Security update for osc

This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. -...

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information...

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

CVE-2023-5938

CVE-2023-5938 affects Arc up to versions prior to 1.6.0. The vulnerability arises because multiple functions process archives without validating contained filenames, enabling path traversal via zip slip. An administrator able to supply tampered archives to Arc could cause arbitrary files to be ex...

GHSA-MQ35-X99R-54FC github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package github.com/u-root/u-root/pkg/cpio up to and including 7.0.0. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...

Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application

Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform. How work? The tool searches for fil...

The vulnerability of the GoGoReleaser binary file extraction tool, related to the disclosure of information through registration files, allows a hacker to disclose the protected information.

The vulnerability of the GoGoReleaser binary file collection relates to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker to disclose the protected information...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

winDED Custom exploit for CVE-2023-38831 using python. Int...

Denial Of Service (DoS)

mattermost is vulnerable to Denial Of Service attack. The vulnerability is caused due to a lack of validation while performing zip file extraction. An attacker is able to upload a specially crafted zip zip bomb, which upon extraction leads to consumption of excessive resources...

GHSA-897X-XVJ8-42RQ Zip slip in mleap

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

CVE-2023-5245

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

PT-2023-24738 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. This is due to a path traversal vulnerability in the create...

CVE-2023-26367 Error based file extraction via PHP filter chains during product bulk import logic

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...