30 matches found
EUVD-2006-3323
Malware in sbrugna...
EUVD-2024-22305
Malicious code in bioql PyPI...
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
SUSE CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to errors in processing the relative path to the directory, allows a hacker to extract data from JAR archives.
The vulnerability of the Continuous Integration and Application Delivery system CI/CD of TeamCity in JetBrains is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to remotely read data from JAR archives...
TeamCity Server < 2023.11.3 Multiple Vulnerabilities
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability CVE-2024-23917 - Path traversal allowed...
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
Path traversal
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives...
CVE-2024-24942
CVE-2024-24942 affects JetBrains TeamCity versions prior to 2023.11.3. The vulnerability is a path traversal in JAR archives that allows reading data from within JAR files. Public sources in the connected documents consistently describe the issue as a path traversal vulnerability in TeamCity lead...
sbt path traversal vulnerability
sbt is a build tool for Scala, Java and more. A security vulnerability exists in versions prior to sbt 1.9.7, which stems from a vulnerability that allows attackers to write arbitrary files via specially crafted zip or JAR files...
GHSA-94RR-4JR5-9H2P Apache Ivy does not verify target path when extracting the archive
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to version 2.5.1 doesn't verify the target path when extracting the...
openSUSE 15 Security Update : fastjar (openSUSE-SU-2021:1107-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1107-1 advisory. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite...
CVE-2020-13651
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...
CVE-2019-19589
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...
Design/Logic Flaw
DISPUTED The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file...
CVE-2019-19589
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...
CVE-2019-19589
The CVE-2019-19589 affects the Lever PDF Embedder plugin for WordPress (v4.4). The vulnerability stems from the plugin not blocking polyglot PDF documents that are valid JAR archives during distribution, with the upload process controlled by WordPress core rather than the plugin itself. This mean...