Lucene search
K

34 matches found

cnnvd
cnnvd
added 2022/10/11 12:0 a.m.6 views

Altair HyperView Player 安全漏洞

Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A security vulnerability exists in Altair HyperView Player that originates from uninitialized memory...

7.8CVSS7.3AI score0.00304EPSS
Exploits0References4
osv
osv
added 2021/05/18 8:31 p.m.50 views

GHSA-VPX7-VM66-QX8R Path Traversal in github.com/unknwon/cae/zip

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...

7.5CVSS7.4AI score0.01419EPSS
Exploits1References5
github
github
added 2021/05/18 8:31 p.m.51 views

Path Traversal in github.com/unknwon/cae/zip

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...

7.5CVSS7.2AI score0.01419EPSS
Exploits1References5Affected Software1
cnvd
cnvd
added 2020/06/24 12:0 a.m.12 views

cae input validation error vulnerability (CNVD-2021-25664)

cae is a compression/decompression software package. An input validation error vulnerability exists in the ExtractTo feature in all versions of cae, which stems from the program failing to properly escape the path to a file in a zip archive, and can be exploited by an attacker to add or replace...

7.5CVSS6.5AI score0.01419EPSS
Exploits1References1
cnvd
cnvd
added 2020/06/24 12:0 a.m.10 views

cae input validation error vulnerability

cae is a compression/decompression software package. An input validation error vulnerability exists in the ExtractTo feature in all versions of cae, which stems from the program failing to properly escape the path to a file in a zip archive, and can be exploited by an attacker to add or replace...

7.5CVSS6.5AI score0.01332EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2020/06/23 7:38 p.m.22 views

CVE-2020-7668

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS7.1AI score0.01332EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2020/06/23 7:38 p.m.23 views

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS7.1AI score0.01419EPSS
Exploits1References2
cve
cve
added 2020/06/17 4:0 p.m.61 views

CVE-2020-7668

CVE-2020-7668 affects the Go package github.com/unknwon/cae/tz, where the ExtractTo function does not securely escape file paths in zip archives that contain leading or non-leading "..". This can allow an attacker to add or replace files system-wide. The vulnerability is described across multiple...

7.5CVSS7.4AI score0.01332EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/06/17 4:0 p.m.25 views

CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS7.5AI score0.01419EPSS
Exploits1References1
snyk
snyk
added 2020/05/26 2:7 p.m.5 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/unknwon/cae/tz is a package that provides archiving functionality for .tar.gz archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractTo function doesn't securely escape file paths in zip archives which...

7.5CVSS7.8AI score0.01332EPSS
Exploits1References2
snyk
snyk
added 2020/05/26 2:5 p.m.5 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/unknwon/cae/zip is a package that provides archiving functionality for .zip archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractTo function doesn't securely escape file paths in zip archives which inclu...

7.5CVSS7.8AI score0.01419EPSS
Exploits1References2
seebug
seebug
added 2014/02/26 12:0 a.m.44 views

CATIA V5 CATSysDemon.exe缓冲区溢出漏洞

CATIA是数字产品定义及生命周期管理使用的CAD、CAE、CAM应用集成软件包。 CATIA V5 6R2013及其他版本处理某些数据包时,CATSysDemon.exe内出错,恶意用户通过发送特制的数据包到TCP端口55555,利用此漏洞可造成栈缓冲区溢出。 0 3ds catia-v5 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.3ds.com/...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2014/02/20 12:0 a.m.55 views

Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)

''' Title: Dassault Syst�mes Catia V5-6R2013 "CATV5BackboneBus" Stack Buffer Overflow Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 & Windows XP...

7AI score
Exploits0
prion
prion
added 2011/11/11 9:55 p.m.10 views

Directory traversal

The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...

5CVSS6.5AI score0.01229EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder