29 matches found
EUVD-2010-5194
Malware in sbrugna...
EUVD-2006-2007
Malware in sbrugna...
EUVD-2020-16910
Malware in sbrugna...
EUVD-2025-12481
Malicious code in bioql PyPI...
CVE-2010-5235
Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory that contains a .arj file. NOTE: some of these details are obtained from third party information...
CVE-2025-46652
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via...
CVE-2025-46652
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via...
CVE-2025-46652
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via...
CVE-2025-46652
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via...
PT-2025-17961 · Izarc · Izarc
Name of the Vulnerable Software and Affected Versions: IZArc versions through 4.5 Description: The issue concerns a Mark-of-the-Web Bypass Vulnerability in IZArc. When a user extracts files from an archive that has a Mark-of-the-Web attribute, this attribute is not propagated to the extracted...
IZArc 安全漏洞
IZArc is an application from the Chinese IZArc community. It provides compression and decompression functions. A security vulnerability exists in IZArc 4.5 and earlier versions, which originates from extracting an archive file with Mark-of-the-Web without propagating the mark to the extracted fil...
CVE-2025-46652
CVE-2025-46652 affects IZArc up to version 4.5, describing a Mark-of-the-Web bypass where extraction from an archive bearing MotW does not propagate the MotW to the extracted files. This is explicitly documented across multiple sources as a Mark-of-the-Web propagation issue, with an accompanying ...
CVE-2020-24175
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
Buffer overflow
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
CVE-2020-24175
CVE-2020-24175 describes a buffer overflow in Yz1 0.30/0.32 as used by IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14. in which crafted archive files trigger the overflow during filename handling, allowing arbitrary code execution. The affected components are the Yz1 implementations...
IZArc Yz1 Buffer Error Vulnerability
IZArc Yz1 is an application for the Chinese IZArc community. It provides compression and decompression functionality. A buffer error vulnerability exists in Yz1 0.30 and 0.32, which can be exploited by an attacker to execute arbitrary code via a crafted archive file related to filename handling...
CVE-2014-2720
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...
Design/Logic Flaw
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...
CVE-2014-2720
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...
CVE-2014-2720
IZArc 4.1.8 is vulnerable due to a mismatch between ZIP Central Directory data (file name) and the Local File Header used to launch the file. This allows user‑assisted remote attackers to perform file‑extension spoofing that can lead to unintended code execution, demonstrated when a .jpg in the C...