16 matches found
EUVD-2018-0248
Malware in sbrugna...
EUVD-2014-2027
Malware in sbrugna...
CVE-2018-1002203
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Arbitrary File Write via Archive Extraction in unzipper
Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later...
GHSA-884W-698F-927F Arbitrary File Write via Archive Extraction in unzipper
Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later...
unzipper path traversal vulnerability
The unzipper npm library is a Node.js-based package for cross-platform compression. A path traversal vulnerability exists in unzipper npm library versions prior to 0.8.13. The vulnerability can be exploited to write arbitrary files via specially crafted zip archives with directory traversal names...
CVE-2018-1002203
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002203
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002203
The unzipper npm library (before 0.8.13) is vulnerable to directory traversal (Zip-Slip) via crafted archive entries with ../, allowing arbitrary file writes during extraction. Root cause: mishandled path normalization in archive extraction. Affected versions are prior to 0.8.13; fix: update to 0...
Node.js third-party modules: Arbitrary File Write through archive extraction
I would like to report arbitrary file write vulnerability in adm-zip module It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerabilityaffected-libraries Module...
Unzipper目录遍历漏洞
Bugtraq ID:66250 CVE ID:CVE-2014-1975 Unzipper是一款基于PHP的在线解压应用。 Unzipper处理文件名存在目录遍历漏洞,允许远程攻击者可创建任意文件或覆盖已存在的文件。 0 Unzipper 1.0.1 用户可联系厂商获得最新的补丁或升级程序: https://play.google.com/store/apps/details?id=org.rhorita777.unzipper...
CVE-2014-1975
CVE-2014-1975 affects Unzipper (Android) by R-Company, version 1.0.1 and earlier. It is a directory traversal vulnerability that allows a remote attacker to overwrite or create arbitrary files via a crafted filename, enabling arbitrary file write in the app’s privileges. Affected: Unzipper 1.0.1 ...
CVE-2014-1975
Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...
Unzipper vulnerable to directory traversal
Overview Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#38227002: Unzipper vulnerable to directory traversal
Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...