13 matches found
CVE-2026-42497
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker-controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...
EUVD-2008-0472
Malware in sbrugna...
EUVD-2010-0778
Malware in sbrugna...
EUVD-2004-2012
Malware in sbrugna...
python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values
A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
Command Injection
Overview: git-archive is a module to take a bare git repo, archive it, and export it as a tarball to a given path. Affected versions of this package are vulnerable to Command Injection via the exports function. Remediation: There is no fixed version for git-archive. Credit: JHU System Security Lab...
ESET NOD32 Archive support module heap buffer overflow vulnerability
ESET NOD32 is a suite of antivirus programs from ESET Slovakia. A heap buffer overflow vulnerability exists in the Archive support module of ESET NOD32 update prior to version 11861. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of a large number of...
CVE-2012-4491
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by nodeaccess modules, which allows remote attackers to access restricted nodes via unspecified vectors...
CVE-2010-0752
The weekpostpage function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors...
SphereCMS 1.1 Alpha Blind SQL Injection
www.BugReport.ir, AmnPardaz Security Research Team. Title: SphereCMS Blind SQL Injection Vulnerability. Vendor: http://sphere.xlentprojects.se/. Vulnerable Version: 1.1 alpha (latest version till now). Exploitation: Remote with browser. Fix: N/A. Description: SphereCMS is a CMS which allow managing foru...
CVE-2008-0462
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-0462
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SA-2008-10 - Archive - Cross site scripting
The Archive module provides a replacement for the archive functionality that was present in Drupal 4.7. Certain URL arguments are not escaped before display. It is therefore possible to inject arbitrary HTML and script code into certain archive pages, which may lead to administrator access if...