13 matches found

CNNVD
added 2026/05/09 12:0 a.m., 3 views

Gibbon Security Vulnerability

Gibbon is a school platform developed by the Gibbon team that addresses practical problems encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks. When attempting to extract PHP files...

CVSS 6.9, AI score 5.8, EPSS 0.00075
Exploits: 0, References: 1
NVD
added 2026/03/10 6:18 p.m., 1 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The chec...

CVSS 6.5, EPSS 0.00067
Exploits: 1, References: 2
OSV
added 2025/07/11 5:15 p.m., 0 views

UBUNTU-CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

CVSS 4.1, AI score 6.6, EPSS 0.0013
Exploits: 1, References: 3
Veracode
added 2024/11/13 5:54 a.m., 4 views

Path Traversal

Safearchive is vulnerable to a Path Traversal. The vulnerability is due to the handling of archive extractions on case-insensitive filesystems e.g., NTFS, which allows attackers to write arbitrary files by using symbolic links in the archive...

CVSS 7.5, AI score 6.7, EPSS 0.00031
Exploits: 0, References: 2, Affected Software: 1
OSSF Malicious Packages
added 2024/11/06 6:46 p.m., 2 views

Malicious code in midi-melody-extractions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8cf5fe50a15b36c41406e9d04f254b0acae240897b5ad49b1165228613cb036a A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

AI score 7.1
Exploits: 0, References: 1
OSV
added 2024/03/06 11:5 a.m., 30 views

BIT-RUBY-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

CVSS 5.8, AI score 6.5, EPSS 0.00668
Exploits: 1, References: 9
OpenVAS
added 2021/11/12 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 6.9, EPSS 0.00668
Exploits: 2, References: 2
Tenable Nessus
added 2021/10/13 12:0 a.m., 41 views

Debian DLA-2780-1 : ruby2.3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2780 advisory. Multiple vulnerabilities in ruby2.3, interpreter of object-oriented scripting language Ruby, were discovered. CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, ...

CVSS 7.4, AI score 7.7, EPSS 0.00668
Exploits: 2, References: 10
OSV
added 2021/07/13 1:15 p.m., 32 views

CVE-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

CVSS 5.8, AI score 6.6
Exploits: 0, References: 8
Tenable Nessus
added 2021/04/15 12:0 a.m., 43 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

CVSS 4.3, AI score 6.4, EPSS 0.00083
Exploits: 0, References: 2
Tenable Nessus
added 2021/04/15 12:0 a.m., 31 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-1737)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

CVSS 4.3, AI score 6.4, EPSS 0.00083
Exploits: 0, References: 2
Schneier on Security
added 2020/10/23 1:47 p.m., 32 views

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it's not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to...

AI score 6.9
Exploits: 0
n0where
added 2017/03/23 5:39 p.m., 16 views

Open Source Malware Analysis Platform: FAME

Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...

Exploits: 0, References: 1