EUVD-2020-4049

Malware in sbrugna...

CVE-2020-11707

An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

GHSA-GX2C-FVHC-PH4J Path traversal in Hadoop

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

CVE-2020-11707

An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

Design/Logic Flaw

An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

CVE-2020-11707

An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...

CVE-2020-11707

CVE-2020-11707 affects ProVide (formerly zFTPServer) up to version 13.1. The issue is that Windows Symlinks/Junctions permissions are not enforced, allowing a low-privilege user who has directory control to craft a Junction Link and break out of the sandbox. Exploitation details and impact are de...