10 matches found
EUVD-2024-19959
Malicious code in bioql PyPI...
CVE-2024-22404
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...
CVE-2024-22404
CVE-2024-22404 is a permissions-bypass in the Nextcloud Files ZIP app. In affected versions, users can download view-only files by zipping an entire folder, bypassing intended access restrictions. Supported mitigations include upgrading the Files ZIP app to version 1.2.1, 1.4.1, or 1.5.0, or disa...
CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...
CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...
Can download "view-only" files with the Files ZIP app
None...
PT-2024-19394 · Nextcloud · Nextcloud Files Zip App
Name of the Vulnerable Software and Affected Versions: Nextcloud files Zip app versions prior to 1.2.1; Nextcloud files Zip app versions prior to 1.4.1; Nextcloud files Zip app versions prior to 1.5.0. Description: The Nextcloud files Zip app is a tool to create zip archives from one or multiple fil...
Path Traversal - Archiving Files to Zip
Description: The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...
Directory traversal
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction...
CVE-2018-1002201
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...