23 matches found
The vulnerability of the 7Z File Parser component, an archive file processor for the WinZip archive manager, allows a hacker to execute arbitrary code.
The vulnerability of the 7Z File Parser component, an archive file processor for the WinZip archive manager, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user, by sending a...
OESA-2024-1589 engrampa security update
Mate File Archiver is an application for creating and viewing archive files, such as zip, xv, bzip2, cab, rar and other compressed formats. Security Fixes: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be...
WinRAR < 7.00 Multiple Vulnerabilities
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.00. It is, therefore, affected by multiple vulnerabilities: - The vulnerability exists due to an error within the archive extraction functionality. A remote attacker can use a specially crafted...
Amazon Linux 2 : engrampa (ALASMATE-DESKTOP1.X-2024-008)
The version of engrampa installed on the remote host is prior to 1.24.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-008 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal...
SUSE CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Summary: CVE-2023-52138 affects Engrampa (MATE archive manager). The vulnerability arises in handling of CPIO archives where symlinks are followed and the archiver does not validate symlink targets, enabling a path traversal that can lead to arbitrary file writes and full Remote Command Execution...
PT-2024-2452 · Mate +1 · Engrampa +1
Name of the Vulnerable Software and Affected Versions: Engrampa versions prior to the version that includes commit 63d5dfa Description: The issue is related to a Path Traversal vulnerability in Engrampa, an archive manager for the MATE environment. This vulnerability can be leveraged to achieve...
SUSE CVE-2023-50255
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version...
file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive
A path traversal vulnerability was discovered in the file-roller Archive Manager for GNOME in the way file paths with special characters are sanitized. Archives containing the sequence of characters "../" in a file path may be vulnerable to this flaw. A remote attacker could exploit this flaw by...
USN-4332-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information...
CVE-2019-16680
A path traversal vulnerability was discovered in the file-roller Archive Manager for GNOME in the way file paths with special characters are sanitized. Archives containing the sequence of characters "../" in a file path may be vulnerable to this flaw. A remote attacker could exploit this flaw by...
The vulnerability of the safer_name_suffix function in the GNU Tar archive manager allows a hacker to bypass the intended security measures and write data to arbitrary files.
The vulnerability of the safer_name_suffix function in the GNU Tar archive manager exists due to an incorrect restriction on the pathname to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to bypass the intended security measures and write to arbitrary...
Debian DSA-4537-1 : file-roller - security update
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user is dragging...
[SECURITY] [DSA 4537-1] file-roller security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4537-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
USN-3074-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory...
Fedora 18 : file-roller-3.6.4-1.fc18 (2013-12653)
This update fixes CVE-2013-4668 : The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user...
USN-1906-1: File Roller vulnerability
Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory...
Fedora 19 : file-roller-3.8.3-1.fc19 (2013-12667)
This update fixes CVE-2013-4668 : The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user...