363 matches found
[SECURITY] [DSA 4255-1] ant security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4255-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1431-1 : ant security update
unzip and untar target tasks in ant allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. For Debian 8 'Jessie', these problems have been fixed in...
[SECURITY] [DLA 1431-1] ant security update
Package : ant Version : 1.9.4-3+deb8u1 CVE ID : CVE-2018-10886 unzip and untar target tasks in ant allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant...
CVE-2018-1000544
A directory and symbolic link traversal flaw was found in the way rubyzip gem extracts zip files. An attacker, with access to a privileged application capable of extracting zip files, could use this flaw to write new files to arbitrary paths, accessible by the aforementioned privileged applicatio...
Hash-Buster v2.0 - Tool Which Uses Several APIs To Perform Hash Lookups
Features Automatic hash type identification Supports MD5, SHA1, SHA2 Can extract & crack hashes from a file Can find hashes from a directory, recursively 6 robust APIs As powerful as Hulk, as intelligent as Bruce Banner Single Hash You don't need to specify the hash type. Hash Buster will identif...
Arbitrary File Write
maven-core is vulnerable to arbitrary file writes. The application does not properly validate the destination filepath when during zip file extraction, allowing a malicious user to control the write destination and overwrite files...
Arbitrary File Write
zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
zt-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
CVE-2018-8008
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...
Arbitrary File Write
diffoscope is vulnerable to arbitrary file write attacks. The vulnerability exists because it does not properly escape the filenames when extracting archive members...
CVE-2017-6157
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...
CVE-2017-6157
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...
CVE-2017-14120
unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../filename are unpacked into the upper directory...
openSUSE Security Update : tar (openSUSE-2016-1341)
This update for tar fixes the following issues : - extract files recursively with --files-from boo913058 - Fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path names specified on the command line...
Droid-Hunter - Android Application Vulnerability Analysis And Android Pentest Tool
.---. .----------- / \ / ------ / / \ / ----- ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ' / --- ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : --- ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / / '-- By HaHwul // //..\ www.hahwul.com ====UU====UU==== https://github.com/hahwul/droid-hunter '//||\ ''...
[SECURITY] [DLA 570-1] kde4libs security update
Package : kde4libs Version : 4:4.8.4-4+deb7u2 CVE ID : CVE-2016-6232 Debian Bug : 832620 It was possible to trick kde4libss KArchiveDirectory::copyTo function to extract files to arbitrary system locations from a specially prepared tar file outside of the extraction folder. For Debian 7 "Wheezy",...
DLA-570-1 kde4libs - security update
Bulletin has no description...
Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)
OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...