Astra Linux – Vulnerability in Cpio
In all versions of cpio before 2.13, input files are not properly validated when generating TAR archives. When cpio is used to create TAR archives from paths that attackers can access, the resulting archive may contain files with permissions that the attacker does not have, or in paths to which t...
CVE-2026-6403
The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...
CVE-2026-23989
REVA (OpenCloud Reva component) contains a vulnerability in its GRPC authorization middleware that lets a malicious user bypass the public link scope verification via the archiver service, enabling creation of an archive (zip/tar) containing all resources within the link’s scope. Affected version...
CVE-2026-23989 REVA Public Link Exploit
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...
OpenCloud Reva has a Public Link Exploit
Impact A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details Public link shares in OpenCloud are bound to a specific scope usually a file or...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper path validation during an archive creation. An authenticated attacker can read files and directories outside the intended directory scope by supplying crafted paths during the archiving operation. Detail...
EUVD-2006-1273
Malware in sbrugna...
Malicious code in pyapiepo (PyPI)
Source: kam193 69aee56f4c3bce704bc65574959aee0226417e4d6a6e05e662d6fa235c12815f. Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
Malicious code in zmaker (PyPI)
Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8. Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
MAL-2025-191831 Malicious code in pyapiepo (PyPI)
Source: kam193 69aee56f4c3bce704bc65574959aee0226417e4d6a6e05e662d6fa235c12815f. Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
3DPrint < 3.5.6.9 - CSRF to arbitrary file download
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...
SUSE CVE-2005-4268
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service crash and possibly execute arbitrary code via a file whose size is represented by more than 8 digits...
SUSE CVE-2006-1269
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited,...
Updated apache-commons-compress packages fix security vulnerability
Updated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...
PT-2019-4757 · Gnu +7 · Cpio +7
Name of the Vulnerable Software and Affected Versions: cpio versions prior to 2.13 Description: The issue is related to the improper validation of input files when generating TAR archives. This can lead to the creation of archives containing files with permissions or in paths that the attacker di...
CVE-2018-20946
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archivesynczones script SEC-355...
cpio security update
CentOS Errata and Security Advisory CESA-2015:2108 Updated cpio packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...
sosreport does not blank root password in anaconda plugin
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
cpio large filesize buffer overflow
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service crash and possibly execute arbitrary code via a file whose size is represented by more than 8 digits...