34 matches found
Altair HyperView Player 安全漏洞
Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A security vulnerability exists in Altair HyperView Player that originates from uninitialized memory...
GHSA-VPX7-VM66-QX8R Path Traversal in github.com/unknwon/cae/zip
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...
Path Traversal in github.com/unknwon/cae/zip
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...
cae input validation error vulnerability (CNVD-2021-25664)
cae is a compression/decompression software package. An input validation error vulnerability exists in the ExtractTo feature in all versions of cae, which stems from the program failing to properly escape the path to a file in a zip archive, and can be exploited by an attacker to add or replace...
cae input validation error vulnerability
cae is a compression/decompression software package. An input validation error vulnerability exists in the ExtractTo feature in all versions of cae, which stems from the program failing to properly escape the path to a file in a zip archive, and can be exploited by an attacker to add or replace...
CVE-2020-7668
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
CVE-2020-7664
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
CVE-2020-7668
CVE-2020-7668 affects the Go package github.com/unknwon/cae/tz, where the ExtractTo function does not securely escape file paths in zip archives that contain leading or non-leading "..". This can allow an attacker to add or replace files system-wide. The vulnerability is described across multiple...
CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/unknwon/cae/tz is a package that provides archiving functionality for .tar.gz archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractTo function doesn't securely escape file paths in zip archives which...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/unknwon/cae/zip is a package that provides archiving functionality for .zip archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractTo function doesn't securely escape file paths in zip archives which inclu...
CATIA V5 CATSysDemon.exe缓冲区溢出漏洞
CATIA是数字产品定义及生命周期管理使用的CAD、CAE、CAM应用集成软件包。 CATIA V5 6R2013及其他版本处理某些数据包时,CATSysDemon.exe内出错,恶意用户通过发送特制的数据包到TCP端口55555,利用此漏洞可造成栈缓冲区溢出。 0 3ds catia-v5 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.3ds.com/...
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)
''' Title: Dassault Syst�mes Catia V5-6R2013 "CATV5BackboneBus" Stack Buffer Overflow Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 & Windows XP...
Directory traversal
The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...