CVE-2020-11536

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...

CVE-2020-11536

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...

CVE-2020-11536

CVE-2020-11536 affects ONLYOFFICE Document Server 5.5.0. A maliciously crafted .docx can exploit the unzip function to rewrite a binary and remotely execute code on the server. The connected docs confirm the impact as remote code execution via crafted documents, but do not provide a vendor patch ...

Command Injection

Overview All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip function concatenates user input to exec which may allow attackers to execute arbitrary commands on the server. Recommendation No fix is currently available. Consider using an alternative module until a fix is...

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...