4 matches found
CVE-2026-2343
The CVE-2026-2343 entry concerns the PeproDev Ultimate Invoice WordPress plugin (versions up to 2.2.5). A bulk download invoices action creates ZIP archives of exported invoice PDFs with predictably named files, enabling an attacker to brute force and retrieve PII. The flaw is exploitable without...
EUVD-2011-5243
Malware in sbrugna...
unzip-bot operating system command injection vulnerability
unzip-bot is a Telegram bot used by EDM115 to extract various types of archives. An operating system command injection vulnerability exists in versions prior to unzip-bot 7.0.3a, which stems from improper input sanitization and allows a user to inject malicious commands via crafted zip file names,...
UBUNTU-CVE-2020-23171
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...