363 matches found
GHSA-W55J-F7VX-6Q37 Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Specific Go Packages...
CVE-2023-24057
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive for a prepackaged terminology cache, NPM package, or comparison archive...
CVE-2022-4510 Path Traversal in binwalk
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (the -e option). Remot...
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Impact: MITM can enable Zip-Slip. Vulnerability 1 (Publisher.java): There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory...
A vulnerability in the FortiADC application delivery controller arises from insufficient validation of input data, allowing attackers to extract files with specific extensions from the underlying Linux system.
A vulnerability in the FortiADC application delivery controller exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to extract files with specific extensions from the underlying Linux system using specially crafted HTTP requests...
Remote Code Execution (RCE)
binwalk is vulnerable to remote code execution. A remote attacker is able to upload and execute malicious code on the system under attack via the affected file src/binwalk/modules/extractor.py of the component Archive Extraction Handler...
GHSA-78M5-JPMF-CH7V GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Summary: Unsafe extraction using shutil.unpack_archive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details: Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destination file path is...
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Summary: Unsafe extraction using shutil.unpack_archive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details: Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destination file path is...
Authorization Bypass
cargo is vulnerable to Authorization Bypass. The vulnerability exists during file extraction which allows an attacker to upload to an alternate registry a specially crafted package...
Authorization Bypass
cargo is vulnerable to authorization bypass. The vulnerability exists during file extraction which allows an attacker to corrupt one file on the machine using Cargo to extract the package...
Lancet path traversal vulnerability
Lancet is a comprehensive, efficient and reusable Go utility library by individual developer DuDaoDong. A path traversal vulnerability exists in Lancet v1.9.02.001 versions 2.1.10 and 1.3.4, which stems from a ZipSlip issue when extracting files using the fileutil package...
Exploit for Improper Restriction of XML External Entity Reference in Wordpress
CVE-2021-29447-POC About This script automates the requir...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
Zimbra Zip Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution...
Code injection
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution...
PT-2022-9262 · Ovarro · Ovarro TWinSoft
Name of the Vulnerable Software and Affected Versions: Ovarro TWinSoft (affected versions not specified). Description: An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. Recommendations: ...
Exploit for Link Following in Rarlab Unrar
A proof of concept for CVE-2022-30333 - a path traversal vulnera...