114 matches found
EUVD-2011-0764
Malware in sbrugna...
EUVD-2007-0924
Malware in sbrugna...
EUVD-2006-4864
Malware in sbrugna...
PT-2025-40805
Name of the Vulnerable Software and Affected Versions: allegroai/clearml version v2.0.1. Description: A flaw exists in the handling of symbolic and hard links within the safe extract function, leading to a path traversal issue. This can result in arbitrary file writes outside the intended directory...
ROS-20250819-05
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of CPython, the Python programming language interpreter, is related to incorrect restriction of a pathname to a restricted directory. The CPython functions TarFile.extractall and...
Erlang - Absolute Path in Zip Module
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...
CVE-2023-0159
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system. This may ...
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2025-1225
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...
facileManager SQL Injection Vulnerability
facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
facileManager SQL Injection Vulnerability
facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-2663)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote...
CVE-2023-52262
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
Input validation
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
CVE-2023-52262
Outdoorbits Little-backup-box; vulnerable in versions prior to f39f91c due to untrusted input being fed to PHP extract, enabling remote code execution. A fix exists in the commit f39f91c; advised remediation is to update to a version after f39f91c (or temporarily disable PHP extract for untrusted...
CVE-2023-52262
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...
Little Backup Box Security Vulnerability
Little Backup Box is a pocket-sized backup solution from the individual developers at outdoorbits that turns a single board computer into a multifunctional one. Little Backup Box suffers from a security vulnerability that stems from the presence of untrusted inputs to the PHP extract function,...
VulnCheck KEV: CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...