Lucene search
+L

46 matches found

OSV
OSV
added 2021/08/30 8:15 p.m.24 views

CVE-2021-39132

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

8.8CVSS8.8AI score
Exploits0References2
Prion
Prion
added 2021/08/30 8:15 p.m.18 views

Authentication flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

6.5CVSS8.8AI score0.01426EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/30 7:35 p.m.31 views

CVE-2021-39132 YAML deserialization can run untrusted code

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

8.8CVSS9AI score0.01426EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/06 1:39 p.m.37 views

libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards release v3.0.2 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be...

6.5CVSS6.4AI score0.03407EPSS
Exploits1References4
0day.today
0day.today
added 2019/02/20 12:0 a.m.26 views

Jenkins - Remote Code Execution Exploit

Exploit for java platform in category web applications Jenkins - Remote Code Execution Exploit In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2019/02/19 12:0 a.m.26 views

Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution (PoC)

Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution PoC In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...

Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.172 views

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)

In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by Grape. However, the next problem is how to execute code? By diving into Grape implementation on...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 5:7 a.m.4 views

Installer of JTrim may insecurely load Dynamic Link Libraries

Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS6.8AI score0.0091EPSS
Exploits0References6
CNVD
CNVD
added 2016/10/20 12:0 a.m.7 views

libarchive heap buffer overflow vulnerability (CNVD-2016-10128)

libarchive is a multi-format archive and compression library. a Heap buffer overflow vulnerability exists in libarchive rchivereadsupportformat7zip.c. This allows an attacker to exploit the vulnerability to execute arbitrary script code in the context of an affected program...

7.5CVSS7.9AI score0.03283EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/09/21 2:25 p.m.5 views

CVE-2016-4300

Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...

7.8CVSS6.6AI score0.04919EPSS
Exploits2References14
BDU FSTEC
BDU FSTEC
added 2016/05/11 12:0 a.m.8 views

The vulnerability of the libarchive library, allowing a hacker to execute arbitrary code

The vulnerability of the libarchive library exists due to the incorrect definition of the compressed file size in the .zip format archive. Exploiting this vulnerability allows a malicious actor to insert arbitrary code into the file header, which will be executed with the privileges of the curren...

9.3CVSS7.8AI score0.10284EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2016/05/07 10:59 a.m.4 views

ALPINE-CVE-2016-1541

Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...

8.8CVSS8.4AI score0.10284EPSS
Exploits1References1
OSV
OSV
added 2016/05/07 10:59 a.m.1 views

DEBIAN-CVE-2016-1541

Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...

8.8CVSS9.1AI score0.10284EPSS
Exploits1References1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.37 views

Memory corruption in libjar through zip files — Mozilla

Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash...

7.5CVSS9AI score0.04229EPSS
Exploits0References2Affected Software3
myhack58
myhack58
added 2015/10/23 12:0 a.m.28 views

Talking about the zip format, the processing logic vulnerability-vulnerability warning-the black bar safety net

Preface: the zip compression format is widely used, various platforms are used, the Windows platform used to compress the file, the Android platform as apk file format. Since the zip file format is more complex, in the parsing of the zip file format, if handled improperly, could lead to some...

Exploits0
Tenable Nessus
Tenable Nessus
added 2015/10/22 12:0 a.m.71 views

Amazon Linux AMI : php55 (ALAS-2015-602)

As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...

9.8CVSS8.1AI score0.46801EPSS
Exploits7References10
Tenable Nessus
Tenable Nessus
added 2015/10/22 12:0 a.m.48 views

Amazon Linux AMI : php56 (ALAS-2015-601)

As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...

9.8CVSS8.1AI score0.46801EPSS
Exploits7References10
Amazon
Amazon
added 2015/10/20 12:0 a.m.81 views

Medium: php55

Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...

9.8CVSS9.1AI score0.46801EPSS
Exploits7
0day.today
0day.today
added 2015/10/05 12:0 a.m.43 views

PHP 5.6.13 Uninitialized pointer in phar_make_dirstream Vulnerability

Exploit for php platform in category local exploits Description: ------------ When parsing a phar file in zip format pharparsezipfile in ext/phar/zip.c with a directory entry with filename /, the filename length is 1 to start with, but then because it is a directory, it is decremented to 0 line 3...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2014/12/23 12:0 a.m.73 views

[oCERT-2014-011] UnZip input sanitization errors

2014-011 UnZip input sanitization errors Description: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions...

0.4AI score0.07448EPSS
Exploits0
Rows per page
Query Builder