Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 3:16 p.m.4 views

ALPINE-CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

8.8CVSS6.3AI score0.00938EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.245 views

MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...

6.8CVSS7AI score0.31118EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2012/07/02 12:0 a.m.1533 views

Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass

The version of Microsoft IIS installed on the remote host is affected by an authentication bypass vulnerability. It is possible to access PHP files in protected web directories without authentication by appending '::$INDEXALLOCATION' to the directory name. %NASLMINLEVEL 70300 C Tenable Network...

5.6AI score
Exploits0References2
Metasploit
Metasploit
added 2012/06/25 8:48 p.m.81 views

MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass

This module bypasses basic authentication for Internet Information Services IIS. By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication. This module requires Metasploit: https://metasploit.com/download Current source:...

6.8CVSS7.2AI score0.31118EPSS
Exploits3
Rows per page
Query Builder