86 matches found
Opto 22 SoftPAC Project Data Forgery Issue Vulnerability (CNVD-2020-29560)
Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. A data forgery issue vulnerability exists in Opto 22 SoftPAC Project...
ALPINE-CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
rubyzip Zip::File component path traversal vulnerability
The rubyzip gem is a Ruby library for reading and writing zip files. zip::File is one of the components for unzipping files. A directory traversal vulnerability exists in the Zip::File component in rubyzip 1.2.1 and earlier versions. An attacker can exploit this vulnerability by uploading a...
UBUNTU-CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
Express Zip 2.40 - Directory Traversal
Express Zip 2.40 - Directory Traversal !/usr/bin/python -w Title : Express Zip = 2.40 Path Traversal Date : 07/04/2016 Author : R-73eN Tested on : Windows Xp / Windows 7 Ultimate Software Link : http://www.nchsoftware.com/zip/ Download Link: http://www.nchsoftware.com/zip/zipplus.exe Vulnerable...