36 matches found
EUVD-2024-55537
Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...
EUVD-2020-12729
Malware in sbrugna...
EUVD-2025-4578
Malicious code in bioql PyPI...
CVE-2023-28105
go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use zip.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version...
CVE-2024-11343
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Co-authors are Christiaan Beek and Raj Samani. Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...
GO-2023-1640 Path traversal when unzipping files in github.com/dablelv/go-huge-util
Path traversal when unzipping files in github.com/dablelv/go-huge-util...
EPA Scan failure on MacOS with error message "Error during unzipping libraries"
EPA scan failed on MacOS client with the following errors in "/Library/Application Support/Citrix/EPAPlugin/ " logs: Error during unzipping libraries NSAppleScriptErrorAppName = CitrixEndpointAnalysis; NSAppleScriptErrorBriefMessage = "unzip: cannot find or open 1/Library/Application...
XZ security vulnerability
xz is a software application. It is used to support reading and writing xz compressed streams. A security vulnerability exists in XZ Utils version 5.2.5, which stems from a vulnerability that allows an attacker to cause a denial of service by unzipping specially crafted files...
Goutil vulnerable to path traversal when unzipping files
Impact: ZipSlip issue when using the fsutil package to unzip files. When users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Patches: It has been fixed in v0.6.0; please upgrade to v0.6.0 or above. Workarounds: No, users have to upgrade...
Lancet vulnerable to path traversal when unzipping files
Impact: What kind of vulnerability is it? Who is impacted? ZipSlip issue when using the fileutil package to unzip files. Patches: Has the problem been patched? What versions should users upgrade to? It will be fixed in v2.1.10; please upgrade to v2.1.10 or above. Users who use v1.x.x should upgrade...
GHSA-PP3F-XRW5-Q5J4 Lancet vulnerable to path traversal when unzipping files
Impact: What kind of vulnerability is it? Who is impacted? ZipSlip issue when using the fileutil package to unzip files. Patches: Has the problem been patched? What versions should users upgrade to? It will be fixed in v2.1.10; please upgrade to v2.1.10 or above. Users who use v1.x.x should upgrade...
Arbitrary File Write
zip-local is vulnerable to arbitrary file write, aka the zip-slip vulnerability. Unzipping unsynchronously leads to extraction of a malicious file outside the intended extraction directory...
CVE-2021-41547
A vulnerability has been identified in Teamcenter Active Workspace V4.3 All versions V4.3.11, Teamcenter Active Workspace V5.0 All versions V5.0.10, Teamcenter Active Workspace V5.1 All versions V5.1.6, Teamcenter Active Workspace V5.2 All versions V5.2.3. The application contains an unsafe...
Gatekeeper Bypass Proof Of Concept
#!/bin/zsh -e This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the...
CVE-2021-24035
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...
Path traversal
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...
Denial Of Service (DoS)
moodle/moodle is vulnerable to denial of service (DoS). The vulnerability exists because the available user quota was not checked against the decompressed size of zip files before unzipping them...