1231 matches found

Rapid7 Blog
added 2022/06/17 5:35 p.m. · 19 views

Metasploit Weekly Wrap-Up

vCenter Secret Extracter Expanding on the work of the vcenterforgesamltoken auxiliary module, community contributor npm-cesium137-io has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated,...

0.1 AI score
Exploits: 0

Github Security Blog
added 2022/05/24 5:44 p.m. · 38 views

Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...

7.4 CVSS · 3.8 AI score · 0.00594 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/05/13 1:12 a.m. · 10 views

GHSA-CM4R-58PJ-H2PH Moodle allows attackers to extract archives to arbitrary directories

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...

4 CVSS · 5.9 AI score · 0.0019 EPSS
Exploits: 0 · References: 15

NVD
added 2022/05/09 8:15 a.m. · 28 views

CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...

7.5 CVSS · 0.92793 EPSS
Exploits: 12 · References: 7

Prion
added 2022/05/09 8:15 a.m. · 35 views

Directory traversal

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...

5 CVSS · 7.5 AI score · 0.92793 EPSS
Exploits: 12 · References: 6 · Affected Software: 1

CVE
added 2022/05/09 12:0 a.m. · 933 views

CVE-2022-30333

CVE-2022-30333 affects RARLAB UnRAR on Linux/UNIX before 6.12, where a directory traversal during an extract can write arbitrary files (demonstrated by creating ~/.ssh/authorized_keys). The issue is confirmed across multiple sources (Astra Linux note mirrors the UnRAR pre-6.12 flaw; Debian LTS ad...

7.5 CVSS · 7.5 AI score · 0.92793 EPSS
In wild · Exploits: 12 · References: 7 · Affected Software: 1

OSV
added 2022/04/15 6:15 p.m. · 1 views

DEBIAN-CVE-2021-44499

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that...

7.5 CVSS · 7.9 AI score · 0.00424 EPSS
Exploits: 0 · References: 1

Prion
added 2022/04/15 6:15 p.m. · 13 views

Buffer overflow

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call...

5 CVSS · 7.5 AI score · 0.00424 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2022/04/15 6:15 p.m. · 1 views

UBUNTU-CVE-2021-44493

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call...

7.5 CVSS · 6.2 AI score · 0.00424 EPSS
Exploits: 0 · References: 4

CNNVD
added 2022/04/15 12:0 a.m. · 1 views

FIS GT.M Buffer Error Vulnerability

FIS GT.M is a database platform. A security vulnerability exists in versions prior to FIS GT.M V7.0-000, which can be exploited to cause a buffer overflow by an attacker who calls $Extract to force a signed integer of the size of the save buffer to be a larger negative number, which can then be...

7.5 CVSS · 6.1 AI score · 0.00424 EPSS
Exploits: 0 · References: 4

CNNVD
added 2022/04/15 12:0 a.m. · 1 views

YottaDB Security Vulnerability

YottaDB is a real-time database from the American company YottaDB. A security vulnerability in YottaDB r1.32 and versions prior to V7.0-000 allows an attacker to cause a buffer overflow by calling $Extract to force a signed integer of the size of the save buffer to take a larger negative number,...

7.5 CVSS · 7.6 AI score · 0.00424 EPSS
Exploits: 0 · References: 4

CNVD
added 2022/04/13 12:0 a.m. · 11 views

Siemens Mendix Access Control Error Vulnerability

Mendix is a high-productivity application platform that enables you to build and continuously improve mobile and large-scale Web applications. Siemens Mendix is vulnerable to an access control error that could be exploited by an attacker to extract information about the content of protected field...

6.5 CVSS · 3.6 AI score · 0.00271 EPSS
Exploits: 0 · References: 1

OSV
added 2022/04/12 12:0 a.m. · 3 views

OSV-2022-337 Heap-double-free in cli_extract_xlm_macros_and_images

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46586 Crash type: Heap-double-free Crash state: cliextractxlmmacrosandimages cliole2scantempdir climagicscan...

7.2 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2022/04/07 12:0 a.m. · 5 views

PT-2022-3421 · Django +5

Name of the Vulnerable Software and Affected Versions: Django versions 3.2.0 through 3.2.13 Django versions 4.0.0 through 4.0.5 Description: The issue is related to SQL injection in the Trunc and Extract database functions when untrusted data is used as a kind/lookup name value. This can allow an...

9.8 CVSS · 6.8 AI score · 0.9435 EPSS
Exploits: 34 · References: 452

OSV
added 2022/03/26 11:3 a.m. · 1 views

OESA-2022-1594 libtiff security update

This libtiff provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libti...

7.1 CVSS · 7 AI score · 0.00029 EPSS
Exploits: 1 · References: 2

Microsoft CVE
added 2022/03/16 7:0 a.m. · 2 views

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities to the best of our knowledge."

...

9.8 CVSS · 7 AI score · 0.00046 EPSS
Exploits: 3

Microsoft CVE
added 2022/03/16 7:0 a.m. · 2 views

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

...

7.1 CVSS · 7.1 AI score · 0.00029 EPSS
Exploits: 1

OSV
added 2022/03/10 5:44 p.m. · 1 views

DEBIAN-CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1 CVSS · 6.9 AI score · 0.00029 EPSS
Exploits: 1 · References: 1

vulnersOsv
added 2022/03/01 10:12 p.m. · 6 views

article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2022-0577 via scrapy (>=1.3.3 <=1.8.0)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2022-0577 Source advisory: OSV:GHSA-CJVR-MFJ7-J4J8...

8.8 CVSS · 6.9 AI score · 0.00209 EPSS
Exploits: 1

OSV
added 2022/01/26 12:0 a.m. · 3 views

OSV-2022-90 Heap-double-free in cli_extract_xlm_macros_and_images

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44040 Crash type: Heap-double-free Crash state: cliextractxlmmacrosandimages cliole2scantempdir cliscanole2...

7.2 AI score
Exploits: 0 · References: 1