9 matches found
EUVD-2023-2501
Malicious code in bioql PyPI...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2023-40584
A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...
Path Traversal
guarddog is vulnerable to path traversal. The vulnerability exists when extracting the .tar.gz file through the scanlocal function of packagescanner.py, allowing an attacker to write an arbitrary file outside the expected directory by providing a maliciously crafted package...
Warning: PyPI Feature Executes Code Automatically After Python Package Download
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...
FAQ: Single-Step Upgrade for SD-WAN Appliances to 9.3.x
Question: Should I use .tar.gz, or single step upgrade .zip package to upgrade to 9.3.x from my current version 8.1.x, 9.1.x, 9.2.x? Answer: Use the .tar.gz files of the concerned platforms to upgrade the SD-WAN software to 9.3.x. After the SD-WAN software is upgraded to 9.3.x version, perform...
KeepNote 0.7.8 - Remote Command Execution Exploit
Exploit for multiple platform in category local exploits Title : KeepNote 0.7.8 Remote Command Execution Date : 29/09/2016 Author : R-73eN Twitter : https://twitter.com/r73en Tested on : KeepNote 0.7.8 Kali Linux , and Windows 7 Software : http://keepnote.org/index.shtmldownload Vendor :...
CVE-2012-1460
The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal aka Cat QuickHeal 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.g...
CVE-2012-1461
The CVE-2012-1461 entry documents a vulnerability in the Gzip file parser used by multiple antivirus products (e.g., AVG, Bitdefender, Kaspersky, Symantec Endpoint Protection, Trend Micro, and others) that allows remote attackers to bypass malware detection by delivering a .tar.gz file containing...