Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2501

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01176EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 a.m.9 views

CVE-2019-18370

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...

9.8CVSS7.5AI score0.40295EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2023/09/07 7:42 p.m.31 views

CVE-2023-40584

A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...

6.5CVSS6.6AI score0.01176EPSS
Exploits0References4
Veracode
Veracode
added 2022/12/06 2:28 a.m.9 views

Path Traversal

guarddog is vulnerable to path traversal. The vulnerability exists when extracting the .tar.gz file through the scanlocal function of packagescanner.py, allowing an attacker to write an arbitrary file outside the expected directory by providing a maliciously crafted package...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/02 10:21 a.m.35 views

Warning: PyPI Feature Executes Code Automatically After Python Package Download

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...

1.6AI score
Exploits0
Citrix
Citrix
added 2017/12/30 12:0 a.m.7 views

FAQ: Single-Step Upgrade for SD-WAN Appliances to 9.3.x

Question: Should I use .tar.gz, or single step upgrade .zip package to upgrade to 9.3.x from my current version 8.1.x, 9.1.x, 9.2.x? Answer: Use the .tar.gz files of the concerned platforms to upgrade the SD-WAN software to 9.3.x. After the SD-WAN software is upgraded to 9.3.x version, perform...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/09/29 12:0 a.m.27 views

KeepNote 0.7.8 - Remote Command Execution Exploit

Exploit for multiple platform in category local exploits Title : KeepNote 0.7.8 Remote Command Execution Date : 29/09/2016 Author : R-73eN Twitter : https://twitter.com/r73en Tested on : KeepNote 0.7.8 Kali Linux , and Windows 7 Software : http://keepnote.org/index.shtmldownload Vendor :...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2012/03/21 10:11 a.m.1 views

CVE-2012-1460

The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal aka Cat QuickHeal 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.g...

4.3CVSS5.7AI score0.94539EPSS
Exploits0References5
CVE
CVE
added 2012/03/21 10:0 a.m.78 views

CVE-2012-1461

The CVE-2012-1461 entry documents a vulnerability in the Gzip file parser used by multiple antivirus products (e.g., AVG, Bitdefender, Kaspersky, Symantec Endpoint Protection, Trend Micro, and others) that allows remote attackers to bypass malware detection by delivering a .tar.gz file containing...

4.3CVSS6.6AI score0.91746EPSS
Exploits0References11Affected Software20
Rows per page
Query Builder