![]() The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious.Īll versions of package :one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g././evil.exe). **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. ![]() This affects the package :goomph before 3.37.2. nats-streaming-server before 0.24.3 is also affected. NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. NOTE: multiple third parties have reported that no privilege escalation can occur.Īn issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. The command runs in a child process under the 7zFM.exe process. This is caused by misconfiguration of 7z.dll and a heap overflow. The issue has been fixed in version 0.0.34. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. Go-used-util has commonly used utility functions for Go. A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. An issue was discovered in ebankIT before 7.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |