Zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. Update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. nats-streaming-server before 0.24.3 is also affected. ![]() ![]() ![]() NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. NOTE: multiple third parties have reported that no privilege escalation can occur. The command runs in a child process under the 7zFM.exe process. This is caused by misconfiguration of 7z.dll and a heap overflow. 7z extension is dragged to the Help>Contents area. ** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the.
0 Comments
Leave a Reply. |