6 matches found
CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...
Updated unzip packages fix security vulnerability
Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 Conversion of a wide string to a local string that leads to a heap of out-of-bound write. Thi...
Security update for apache-commons-compress (important)
openSUSE Security Update: Security update for apache-commons-compress Announcement ID: openSUSE-SU-2021:1115-1 Rating: important References: 1188463 1188464 1188465 1188466 Cross-References: CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 CVSS scores: CVE-2021-35515 NVD : 7.5...
plexus security update
CentOS Errata and Security Advisory CESA-2018:1836 An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
globalSCAPE CuteZIP Stack Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/zip' cla...
GLSA-200804-06 : UnZip: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200804-06 UnZip: User-assisted execution of arbitrary code Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflatedynamic function in the file inflate.c can be invoked using invalid buffers, whi...