15 matches found
EUVD-2026-5103
EAP Legislator is vulnerable to Path Traversal in its file extraction functionality. An attacker can prepare a zipx archive (the default file type used by the Legislator application) and choose an arbitrary path outside the intended directory (e.g. system startup) where files will be extracted by the victim upon...
CVE-2026-1186
CVE-2026-1186 affects EAP Legislator: path traversal in the file extraction of ZIPX archives allows extraction outside the target directory (example: system startup). The issue is mitigated in version 2.25a. All connected sources describe the same vulnerability and fix; no additional exploit deta...
EUVD-2021-2127
Malware in sbrugna...
CVE-2024-6829
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
SUSE CVE-2022-4510
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remot...
UBUNTU-CVE-2022-4510
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remot...
fhir-ig-publisher Path Traversal Vulnerability
HL7 fhir-ig-publisher is the source code for IG publisher from HL7. A security vulnerability exists in fhir-ig-publisher versions prior to 1.2.30, which originates from a vulnerability that allows attackers to extract files from ZIP or TGZ packages into arbitrary directories via directory travers...
Binwalk Path Traversal Vulnerability
Binwalk is a fast, easy-to-use open source tool from ReFirm Labs. It is used to analyze, reverse engineer and extract firmware images. A path traversal vulnerability exists in ReFirm Labs Binwalk versions 2.1.2b through 2.3.2, which stems from the presence of a path traversal that allows an...
Improper path validation in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23427
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
Input validation
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23427
CVE-2021-23427 affects all versions of elFinder.NetCore. The vulnerability resides in the FileSystem.ExtractAsync function, where insufficient input validation enables arbitrary extraction (Zip Slip). Multiple sources describe an Arbitrary File Write/Extraction risk, with high-severity impact (cr...
elFinder Path Traversal Vulnerability
elFinder is a Drupal-based, open source AJAX file manager. The product provides multiple file uploads, image scaling, and other features. A path traversal vulnerability exists in elFinder.NetCore; the vulnerability stems from all versions of elFinder.NetCore due to...
WinRAR ACE File Validation Logic Bypass Vulnerability
WinRAR is an archive manager, the graphical-interface version of the RAR archive tool for the Windows environment. It can be used to back up data, compress files, decompress RAR/ZIP and other file formats, and create RAR/ZIP and other compressed file formats; it has been more widely...
PT-2019-1468
Name of the Vulnerable Software and Affected Versions: WinRAR versions prior to and including 5.61. Description: The issue is related to a path traversal vulnerability in the unacev2.dll library of WinRAR, which occurs when the filename field of the ACE format is crafted in a specific way. This allo...