Nextcloud Extract App OS Command Injection Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Extract App is one of the compressed file extractor. An operating system command injection vulnerability exists in Nextcloud Extract App versions prior to 1.2.0. The...

CVE-2019-12739

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

CVE-2019-12739

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

Fedora Update for cabextract FEDORA-2018-a5953af115

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Nextcloud: Remote Code Execution via Extract App Plugin

Hi, I found a critical issue in the Add-on "Extract" listed in the Nextcloud Marketplace: https://apps.nextcloud.com/apps/extract This extension can be installed directly from Nextcloud Application The vulnerability was found in file: extract/lib/Controller/ExtractionController.php line 102. The...

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make somes experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

[SECURITY] Fedora 29 Update: podofo-0.9.6-6.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

openSUSE Security Update : singularity (openSUSE-2019-811)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed : - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0 : - Allow admin to specify a non-standard location for mksquashfs bina...

OPENSUSE-SU-2019:0329-1 Security update for obs-service-tar_scm

This update for obs-service-tarscm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths bsc1105361 - CVE-2018-12474: Fixed an issue whereby crafted service...

[SECURITY] Fedora 29 Update: podofo-0.9.6-5.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

PT-2019-18102 · Gnu +3 · Gnu Recutils +3

Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8 Description: A memory leak issue was found in the rec extract type function within rec-utils.c in librec.a. Recommendations: For GNU Recutils version 1.8, at the moment, there is no information about a newer version...

pdfservices-extract-sdk (=1.0.0b1), pdfservices-sdk (>=1.0.0 <=1.0.2) potentially affected by CVE-2018-20325 via definitions (=0.2.0)

definitions PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on definitions and may be impacted: - pdfservices-extract-sdk =1.0.0b1 - pdfservices-sdk =1.0.0, =1.0.2 Source cves: CVE-2018-20325 Source advisory: OSV:GHSA-V4X4-98CG-WR4G...

radare2 'r_bin_dyldcache_extract' function heap buffer overflow vulnerability

radare2 is a set of libraries and tools for working with binary files. A heap buffer overflow vulnerability exists in the 'rbindyldcacheextract' function in the libr/bin/format/mach0/dyldcache.c file in radare2 versions prior to 3.1.1. An attacker can exploit this vulnerability to cause a denial ...

DEBIAN-CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function historyextract in plugins/ole2extractor.c, related to EXTRACTORcommonconverttoutf8 in common/convert.c...

GNU Libextractor Buffer Overflow Vulnerability (CNVD-2019-03527)

GNU Libextractor is a set of libraries developed by the GNU Project for extracting metadata from files. A buffer overflow vulnerability exists in the 'historyextract' function in the plugins/ole2extractor.c file in GNU Libextractor 1.8 and earlier. No details of the vulnerability are provided at...

pdfservices-extract-sdk (=1.0.0b1), pdfservices-sdk (>=1.0.0 <=1.0.2) potentially affected by CVE-2018-20325 via definitions (=0.2.0)

definitions PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on definitions and may be impacted: - pdfservices-extract-sdk =1.0.0b1 - pdfservices-sdk =1.0.0, =1.0.2 Source cves: CVE-2018-20325 Source advisory: OSV:PYSEC-2018-82...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27585)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the ixheaacdextractframeinfold of the ixheaacdenvextr.c file in Android version 9, which stems from a lack of boundary checking in the...

CVE-2018-9532

In ixheaacdextractframeinfold of ixheaacdenvextr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9...

UBUNTU-CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...