46 matches found
CVE-2021-39132
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
Authentication flaw
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
CVE-2021-39132 YAML deserialization can run untrusted code
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards release v3.0.2 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be...
Jenkins - Remote Code Execution Exploit
Exploit for java platform in category web applications Jenkins - Remote Code Execution Exploit In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...
Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution (PoC)
Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution PoC In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by Grape. However, the next problem is how to execute code? By diving into Grape implementation on...
Installer of JTrim may insecurely load Dynamic Link Libraries
Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
libarchive heap buffer overflow vulnerability (CNVD-2016-10128)
libarchive is a multi-format archive and compression library. a Heap buffer overflow vulnerability exists in libarchive rchivereadsupportformat7zip.c. This allows an attacker to exploit the vulnerability to execute arbitrary script code in the context of an affected program...
CVE-2016-4300
Integer overflow in the readSubStreamsInfo function in archivereadsupportformat7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow...
The vulnerability of the libarchive library, allowing a hacker to execute arbitrary code
The vulnerability of the libarchive library exists due to the incorrect definition of the compressed file size in the .zip format archive. Exploiting this vulnerability allows a malicious actor to insert arbitrary code into the file header, which will be executed with the privileges of the curren...
ALPINE-CVE-2016-1541
Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
DEBIAN-CVE-2016-1541
Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
Memory corruption in libjar through zip files — Mozilla
Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash...
Talking about the zip format, the processing logic vulnerability-vulnerability warning-the black bar safety net
Preface: the zip compression format is widely used, various platforms are used, the Windows platform used to compress the file, the Android platform as apk file format. Since the zip file format is more complex, in the parsing of the zip file format, if handled improperly, could lead to some...
Amazon Linux AMI : php55 (ALAS-2015-602)
As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...
Amazon Linux AMI : php56 (ALAS-2015-601)
As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the...
Medium: php55
Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...
PHP 5.6.13 Uninitialized pointer in phar_make_dirstream Vulnerability
Exploit for php platform in category local exploits Description: ------------ When parsing a phar file in zip format pharparsezipfile in ext/phar/zip.c with a directory entry with filename /, the filename length is 1 to start with, but then because it is a directory, it is decremented to 0 line 3...
[oCERT-2014-011] UnZip input sanitization errors
2014-011 UnZip input sanitization errors Description: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions...