5 matches found
CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision
7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...
ALPINE-CVE-2026-48095
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass
The version of Microsoft IIS installed on the remote host is affected by an authentication bypass vulnerability. It is possible to access PHP files in protected web directories without authentication by appending '::$INDEXALLOCATION' to the directory name. %NASLMINLEVEL 70300 C Tenable Network...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module bypasses basic authentication for Internet Information Services IIS. By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication. This module requires Metasploit: https://metasploit.com/download Current source:...