36 matches found
CVE-2023-53868
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...
PT-2025-51286
Name of the Vulnerable Software and Affected Versions Coppermine Gallery version 1.6.25 Description Coppermine Gallery version 1.6.25 has a remote code execution issue. Authenticated attackers can upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file...
Allegra 路径遍历漏洞
Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the extarctZippedFile feature containing a directory traversal remote code execution vulnerability...
SUSE CVE-2008-5346
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
CVE-2022-40976
The CVE-2022-40976 entry concerns a zip-slip path traversal in multiple Pilz products. An unauthenticated local attacker could supply a zipped, malicious configuration file to trigger arbitrary file writes during extraction. The impact is limited to file writes ; the description notes that confid...
IBM Data Risk Manager Arbitrary File Download
IBM Data Risk Manager IDRM contains two vulnerabilities that can be chained by an unauthenticated attacker to download arbitrary files off the system. The first is an unauthenticated bypass, followed by a path traversal. This module exploits both vulnerabilities, giving an attacker the ability to...
Metamorfo Banking Trojan Keeps Its Sights on Brazil
This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive Summary Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card...
Man In The Middle (MitM)
cue-sdk-node is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is o...
CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. dot dot in the name of a file, compressed into a zipped file named cred.zip, and downloaded ...
IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit
See attached, zipped in hopes that it doesn't get flagged as malicious/spam :P Thanks, Jeremy...
FTP Server Zipped .rtf File Uploaded
Binary data 4057.prm...
FTP Server Zipped .ost File Uploaded
Binary data 4066.prm...
FTP Server Zipped .ppt File Uploaded
Binary data 4055.prm...
FTP Server Zipped .divx File Uploaded
Binary data 4064.prm...
FTP Server Zipped .wav File Uploaded
Binary data 4059.prm...
FTP Server Zipped .uni File Detection
Binary data 4051.prm...
FTP Server Zipped .mpg File Detection
Binary data 4047.prm...
FTP Server Zipped .doc File Uploaded
Binary data 4054.prm...
FTP Server Zipped .divx File Detection
Binary data 4048.prm...
FTP Server Zipped .pst File Detection
Binary data 4049.prm...