20 matches found
EUVD-2026-42904
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
Zdir Pro 安全漏洞
Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...
Path Traversal
MONAI is vulnerable to a Path Traversal. The vulnerability is due to the use of zipfile.ZipFile.extractall without proper path validation in the downloadfromngcprivate function, which allows an attacker to craft a malicious ZIP archive that writes files outside the intended extraction directory a...
EUVD-2019-4748
Malware in sbrugna...
EUVD-2019-3946
Malware in sbrugna...
EUVD-2014-8619
Malware in sbrugna...
GO-2025-3808 Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...
CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...
PT-2022-27299 · Knime · Knime Analytics Platform
Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions 3.2.0 and above Description: A directory traversal vulnerability in the ZIP archive extraction routines can result in arbitrary files being overwritten on the user's system, also known as 'Zip-Slip'. An...
CVE-2020-10859
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...
Directory traversal
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...
CVE-2020-10859
The CVE-2020-10859 entry applies to Zoho ManageEngine Desktop Central (before 10.0.484). The vulnerability is a Directory Traversal in the AppDependency API that, when an authenticated user issues a crafted ZIP extraction request, allows arbitrary file writes on the target system. This is trigger...
typo3 -- multiple vulnerabilities
Typo3 core team reports: It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms...
Directory traversal
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in a ZIP archive entry that is mishandled during extraction...
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
DEBIAN-CVE-2018-1002209
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2017-9442
BigTree CMS (versions up to 4.2.18) is affected by CVE-2017-9442. Remote authenticated users can execute arbitrary code by uploading a crafted package containing a PHP web shell, via ZIP extraction to file name patterns under cache/package/xxx/yyy.php. The issue exists in core/admin/modules/devel...