CVE-2025-50328

CVE-2025-50328 affects B1 Free Archiver v1.5.86. The vulnerability occurs when files extracted from downloaded archives do not propagate the Zone.Identifier (MotW) ADS to extracted files, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

SUSE CVE-2025-33026

In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

PT-2024-22281 · Easyrange · Easyrange

Name of the Vulnerable Software and Affected Versions: EasyRange Ver 1.41 Description: The issue with the executable file search path when displaying an extracted file on Explorer may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this...

EasyRanges 安全漏洞

EasyRanges is a small Julia package from the individual developer Éric Thiébaut. A security vulnerability exists in EasyRanges version 1.41, which stems from an issue with EasyRange that contains search paths for executables, which could lead to loading executables located in the same folder as t...

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

CVE-2019-1425

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'...

Open Source Malware Analysis Platform: FAME

Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...

CVE-2016-5847

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384...

PT-2016-2199 · Mozilla · Firefox Esr +1

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 47.0 Mozilla Firefox ESR versions prior to 45.2 Description: The issue is related to the maintenance service in Mozilla Firefox, which does not properly prevent modification of extracted files during the...

Fedora Update for chmsee FEDORA-2007-3191

Check for the Version of chmsee OpenVAS Vulnerability Test Fedora Update for chmsee FEDORA-2007-3191 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Debian Security Advisory DSA 846-1 (cpio)

The remote host is missing an update to cpio announced via advisory DSA 846-1. Two vulnerabilities have been discovered in cpio, a program to manage archives of files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1111 Imran Ghory discovered a race...