Lucene search
+L

305 matches found

Exploit DB
Exploit DB
added 2016/06/29 12:0 a.m.44 views

Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=810 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZIP, RAR, and so on. The decomposer runs as NT AUTHORITY\SYSTEM on Windows, and root on Linu...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/05/03 12:0 a.m.5 views

TarDiff User Privilege Gain Vulnerability

TarDiff is a package comparison tool developed by software developer Josef Spillner. A privilege-acquisition vulnerability exists in TarDiff that stems from the use of predictable temporary directories for tarballs unpacking files. An attacker could exploit the vulnerability to overwrite files wi...

3.3CVSS6.9AI score0.00368EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/05/03 12:0 a.m.20 views

Debian DSA-3562-1 : tardiff - security update

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell...

10CVSS6.9AI score0.05391EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2015/10/22 12:0 a.m.5 views

The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of Kaspersky Anti-Virus lies in a memory corruption that occurs during the unpacking of executable files. Exploiting this vulnerability allows an attacker to cause service failures or execute arbitrary code using the executable file packed by the “Yoda’s Protector” tool, during...

10CVSS5.9AI score
Exploits0References4Affected Software1
exploitpack
exploitpack
added 2015/09/22 12:0 a.m.17 views

Kaspersky AntiVirus - PE Unpacking Integer Overflow

Kaspersky AntiVirus - PE Unpacking Integer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=526 Fuzzing of packed executables found the attached crash. 0:022 g 83c.bbc: Access violation - code c0000005 first chance First chance exceptions are reported before an...

1.6AI score
Exploits0
Exploit DB
Exploit DB
added 2015/09/22 12:0 a.m.33 views

Kaspersky AntiVirus - PE Unpacking Integer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=526 Fuzzing of packed executables found the attached crash. 0:022 g 83c.bbc: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be expected...

7.4AI score
Exploits0
myhack58
myhack58
added 2015/08/29 12:0 a.m.26 views

Reverse router firmware of sensitive information leaked Part2-vulnerability warning-the black bar safety net

Previous articledescribes in detail the various unpacking the router firmware tools. Unpacking after you get the firmware file. The next step is to analyze the files looking for vulnerabilities. This time the goal of the analysis is a Trendnet Router, the analysis of the vulnerability is a remote...

7AI score
Exploits0
myhack58
myhack58
added 2015/08/23 12:0 a.m.71 views

Belkin F9K1111 firmware vulnerability analysis-vulnerability warning-the black bar safety net

Recently, we noticed that the HP DVLabs has been in the Belkin(Belkin) N300 Dual-Band WiFi range Extender(F9K1111 in at least 1 0 a vulnerability. In response, the Belkin just released the version number is 1. 0 4. 1 0 firmware. Because this is the F9K1111 the first update release, but there is n...

8.5AI score
Exploits0
ArchLinux
ArchLinux
added 2015/05/03 12:0 a.m.65 views

clamav: multiple issues

CVE-2015-2170 denial of service A flaw has been found in the UPX decoder with crafted files. During unpacking there are two range checks which are implemented "manually". Those checks lack the detection of overflows which are considered by the CLIISCONTAINED macro. - CVE-2015-2221 denial of...

6.8CVSS1.2AI score0.0837EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2015/03/05 3:18 a.m.3 views

docker: Escalation of privileges during decompression of LZMA archives

A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system...

10CVSS7.1AI score0.06452EPSS
Exploits0References5
Kitploit
Kitploit
added 2014/12/29 2:44 p.m.22 views

RPEF - Abstracts and expedites the process of backdooring stock firmware images for consumer/SOHO routers

Router Post-Exploitation Framework Currently, the framework includes a number of firmware image modules: 'Verified' - This module is confirmed to work and is stable. 'Unverified' - This module is believed to work or should work with little additional effort, but awaits being tested on a physical...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.16 views

openSUSE Security Update : pigz (openSUSE-SU-2013:0540-1)

pigz incorrectly used world writeable permissions during unpacking CVE-2013-0296. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-258. The text description of this plugin is C SU...

4.4CVSS5.3AI score0.00343EPSS
Exploits0References3
OSV
OSV
added 2014/06/10 12:0 p.m.7 views

USN-2242-1 dpkg vulnerabilities

It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service...

6.4CVSS5.8AI score0.07322EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2014/05/05 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-2183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02859EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/05/05 12:0 a.m.23 views

Ubuntu Update for dpkg USN-2183-1

Check for the Version of dpkg OpenVAS Vulnerability Test $Id: gbubuntuUSN21831.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for dpkg USN-2183-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

5CVSS6.4AI score0.02859EPSS
Exploits0References2
OSV
OSV
added 2014/04/30 2:22 p.m.1 views

DEBIAN-CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

5CVSS6.6AI score0.02859EPSS
Exploits0References1
Prion
Prion
added 2014/04/30 2:22 p.m.17 views

Directory traversal

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

5CVSS6.8AI score0.02859EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2014/04/30 2:0 p.m.48 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

6.3AI score0.02859EPSS
Exploits0References3
OSV
OSV
added 2014/04/28 12:58 p.m.2 views

USN-2183-1 dpkg vulnerability

Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of...

5CVSS5.8AI score0.02859EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2014/04/28 12:0 a.m.26 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

5CVSS6AI score0.02859EPSS
Exploits0References3
Rows per page
Query Builder