
18 matches found

CVE
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-63372

The CVE-2025-63372 entry describes Articentgroup Zip Rar Extractor Tool 1.345.93.0 as vulnerable to a Directory Traversal flaw in its ZIP file processing/extraction logic. The underlying issue is within the ZIP archive handling component, enabling traversal of directory paths during extraction, w...

CVSS 4.3 | AI score 5.4 | EPSS 0.00263
Exploits 0 | References 1 | Affected Software 1
NVD
added 2025/11/19 9:15 p.m. | 2 views

CVE-2025-63371

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...

CVSS 7.5 | EPSS 0.00322
Exploits 0 | References 2
Positive Technologies
added 2025/11/19 12:0 a.m. | 1 views

PT-2025-47535

Name of the Vulnerable Software and Affected Versions: OneCommander version 3.102.0.0. Description: OneCommander version 3.102.0.0 contains a flaw in the ZIP file processing component. This issue relates to how the software handles ZIP archive contents during extraction, potentially allowing for...

CVSS 7.5 | AI score 6.4 | EPSS 0.00322
Exploits 0 | References 7
CNNVD
added 2025/08/08 12:0 a.m. | 1 views

WinRAR Security Vulnerability

WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR that stems from a path traversal issue that could lead to arbitrary code execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.08336
Exploits 34 | References 7
Zero Day Initiative
added 2025/05/21 12:0 a.m. | 5 views

Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

CVSS 4.3 | AI score 5.9 | EPSS 0.00348
Exploits 0 | References 1
NVD
added 2025/04/06 7:15 a.m. | 14 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

CVSS 9.8 | EPSS 0.00065
Exploits 3 | References 2
Veracode
added 2025/01/30 10:3 a.m. | 12 views

Relative Path Traversal

org.apache.solr, solr-core is vulnerable to Relative Path Traversal. The vulnerability is due to a lack of input sanitization in the "configset upload" API, which allows arbitrary filepath write access when processing ZIP files...

CVSS 5.4 | AI score 6.7 | EPSS 0.13709
Exploits 0 | References 6 | Affected Software 1
0day.today
added 2024/07/22 12:0 a.m. | 386 views

Softing Secure Integration Server 1.22 Remote Code Execution Exploit

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...

CVSS 7.2 | AI score 8.2 | EPSS 0.68585
Exploits 3
NVD
added 2022/07/25 7:15 p.m. | 8 views

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 7.8 | EPSS 0.00495
Exploits 0 | References 2
Cvelist
added 2019/02/05 5:0 p.m. | 8 views

CVE-2016-1000282

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...

AI score 9.8 | EPSS 0.68315
Exploits 4 | References 1
Tenable Nessus
added 2014/06/13 12:0 a.m. | 53 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)

update to version 1.11.1 to fix several security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class -...

CVSS 10 | AI score 7.5 | EPSS 0.58626
Exploits 18 | References 10
Oracle linux
added 2012/02/28 12:0 a.m. | 59 views

java-1.6.0-openjdk security update

1.6.0.0-1.25.1.10.6.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.25.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787142 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687:...

CVSS 10 | AI score 0.2 | EPSS 0.9358
Exploits 19
OPENSUSE Linux
added 2012/02/27 9:8 p.m. | 50 views

java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)

java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues: Security fixes - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...

CVSS 10 | AI score 0.2 | EPSS 0.58626
Exploits 18 | References 1
Tenable Nessus
added 2012/02/22 12:0 a.m. | 43 views

Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)

The update contains the following security fixes : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700,...

CVSS 10 | AI score 7.5 | EPSS 0.58626
Exploits 18 | References 1
Tenable Nessus
added 2012/02/20 12:0 a.m. | 45 views

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : Fix issues in java sound CVE-2011-3563. Fix in AtomicReferenceArray CVE-2011-3571. Add property to limit number of request headers to the HTTP Server CVE-2011-5035. Incorrect checking for graphics rendering object...

CVSS 10 | AI score 7.8 | EPSS 0.74853
Exploits 34 | References 13
Oracle linux
added 2012/02/15 12:0 a.m. | 54 views

java-1.6.0-openjdk security update

1:1.6.0.0-1.43.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception...

CVSS 10 | AI score 0.2 | EPSS 0.9358
Exploits 19
securityvulns
added 2002/10/11 12:0 a.m. | 40 views

R7-0004: Multiple Vendor Long ZIP Entry Filename Processing

Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXpose(tm), our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0004 Multiple Vendor Long ZIP Entry Filename Processing Issu...

CVSS 7.5 | AI score 0.2 | EPSS 0.3016
Exploits 0
securityvulns
added 2000/06/17 12:0 a.m. | 33 views

Holes in Norton Antivirus for Exchange

Buffer overflow when processing ZIP files...

AI score 0.9
Exploits 0 | References 1 | Affected Software 1