1257 matches found
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...
CVE-2006-6097
Summary: CVE-2006-6097 affects GNU tar (notably v1.15.1 and v1.16) due to improper handling of GNUTYPE_NAMES symlink records during extraction, enabling a user-assisted attacker to overwrite arbitrary files. Multiple advisories report the issue as a path-traversal vulnerability in tar extraction,...
CVE-2006-4877
The CVE-2006-4877 entry concerns David Bennett PHP-Post (PHPp) 1.0 and earlier, where a variable overwrite vulnerability exists due to the use of PHP extract in multiple vectors. The affected components are the PHPp pages index.php, profile.php, and header.php, with the demonstrated vector involv...
CVE-2006-4877
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php...
CVE-2006-4673
The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...
security flaw
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files...
SquirrelMail Arbitrary Variable Overwriting Vulnerability
GulfTech Security Research July 14th, 2005 Vendor : The SquirrelMail Project Team URL : http://www.squirrelmail.org/ Version : SquirrelMail 1.4.5-RC1 && Earlier Risk : Variable Overwriting Description: SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP...
CVE-2005-2095
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files...
CVE-2005-1596
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter...
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...
security flaw
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise...
January 21, 2021-KB4598296 (OS Build 17763.1728) Preview
January 21, 2021-KB4598296 (OS Build 17763.1728) Preview. Release Date: 1/21/2021. Version: OS Build 17763.1728. Important: 12/8/20 Adobe Flash Player went out of support on December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Adobe started blocking Flash content...
putsyslog.txt
http://www.rootshell.com/ From [email protected] Wed Jul 8 10:18:27 1998 Date: Wed, 8 Jul 1998 19:08:41 +0200 From: Paul Boehm To: [email protected] Subject: putsyslog hi, users can write messages to syslog and thus hide files in there and bypass quotas.. later they can extract it if they ha...