13 matches found
OSEC-2026-08 Path traversal vulnerability in ocaml-tar
A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...
CVE-2026-41530
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
Path Traversal
wheel is vulnerable to Path Traversal.The vulnerability is due to unsafe handling of file permissions during wheel extraction, where the unpack function trusts archive header filenames when applying chmod, allowing a malicious wheel to modify permissions of arbitrary system files after path...
CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
SUSE CVE-2010-0624
Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...
SUSE CVE-2016-10100
Borg aka BorgBackup before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive...
Arbitrary Archive File Overwrite
Borg aka BorgBackup has a flaw in the way of processing duplicate archive names during manifest recovery. When rebuilding the manifest which should only be needed very rarely, duplicate archive names would be handled on a "first come first serve" basis, allowing an attacker to arbitrarily overwri...
CVE-2016-10100
Borg aka BorgBackup before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive...
CVE-2016-10100
The CVE-2016-10100 issue affects BorgBackup (Borg) prior to 1.0.9, caused by how duplicate archive names were processed during manifest recovery. This could allow an attacker to overwrite an existing archive when the manifest is rebuilt. The available connected documents confirm the flaw and iden...
CVE-2016-10100
Borg aka BorgBackup before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive...
cpio: Heap-based buffer overflow by expanding a specially-crafted archive
Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...
DEBIAN-CVE-2010-0624
Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service memory corruption or possibly execute arbitrary code by sending more data than was requested,...