CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

SAP SAPCAR 安全漏洞

SAP SAPCAR is a utility program for compressing and/or decompressing SAP archive files from SAP, Germany. A security vulnerability exists in SAP SAPCAR that stems from the ability of an elevated privilege user to create malicious SAR archives that could result in elevated privileges...

XZ Utils 安全漏洞

XZ Utils is an open source utility program by Tukaani. A security vulnerability exists in XZ Utils versions 5.3.3alpha through 5.8.0, which stems from a flaw in the multithreaded .xz decoder that could lead to a crash and reuse after release...

Fedora: Security Advisory for rust-szip (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

XZ: Embedded Malicious Code (CVE-2024-3094)

A Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code. This file is then used to modify specific...

AdvanceCOMP 安全漏洞

AdvanceCOMP is a cross-platform command line tool for data compression. The product is capable of optimizing compressed files and reducing their size. A security vulnerability exists in AdvanceCOMP v2.3 that stems from a segmentation error...

AdvanceCOMP 缓冲区错误漏洞

AdvanceCOMP is a cross-platform command line tool for data compression. The product is capable of optimizing compressed files and reducing their size. A security vulnerability exists in AdvanceCOMP v2.3, which stems from the inclusion of a heap buffer overflow...

AdvanceCOMP 缓冲区错误漏洞

AdvanceCOMP is a cross-platform command line tool for data compression. The product is capable of optimizing compressed files and reducing their size. A security vulnerability exists in AdvanceCOMP v2.3, which stems from the inclusion of a heap buffer overflow...

PT-2021-7818 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill affected versions not specified Description: The issue is related to the function HandleFileArg in the Xmill XML compression tool, which is vulnerable to exploitation due to the lack of checks on user-provided input. Specifically, the...

kgb directory traversal vulnerability

KGB is a free compression tool with high compression ratio. A directory traversal vulnerability exists in kgb, which can be exploited by a remote attacker to overwrite arbitrary files under the application using a specially crafted request with a directory traversal sequence '... /' to overwrite...

ARRIS DG860A - NVRAM Backup Password Disclosure

!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.dat...

BitZipper Installed

BitZipper, a data compression tool, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66554; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/01/31"; scriptnameenglish:"BitZipper Installed";...

MikeyZip 1.1 .ZIP File Buffer Overflow

Exploit for windows platform in category local exploits !/usr/bin/perl +Exploit Title: MikeyZip 1.1 .ZIP File Buffer Overflow +Date: 10\04\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.softpedia.com/get/Compression-tools/MikeyZip.shtml +Version: 1.1 +Tested On: WIN-XP SP3 Brazil Portugues...

Linux news 11.05.00

nmap 2.53 Вышла новая версия утилиты, предназначенной для сканирования сетей и отдельных хостов - nmap. Подробнее: http://www.appwatch.com/Linux/Library/81/view.html Red Hat создала инвестиционное подразделение для финансирования молодых компаний Компания Red Hat объявила о создании нового...