Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar project tar vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-38197
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
Go-unarr Project Go-unarr 0.1.1
10
CVSSv2
CVE-2015-0857
Cool Projects TarDiff allows remote malicious users to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Tardiff Project Tardiff -
Debian Debian Linux 8.0
9.3
CVSSv2
CVE-2008-3074
The shellescape function in Vim 7.0 up to and including 7.2, including 7.2a.10, allows user-assisted malicious users to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the f...
Vim Vim 7.2
Vim Tar.vim V.12
Vim Tar.vim V.13
Vim Tar.vim V.20
Vim Tar.vim V.21
Vim Vim 7.1
Vim Vim 7.0
Vim Tar.vim V.16
Vim Tar.vim V.17
Vim Vim 7.1.314
Vim Vim 7.1.266
Vim Tar.vim V.14
Vim Tar.vim V.15
Vim Tar.vim V.22
Vim Tar.vim V.10
Vim Tar.vim V.11
Vim Tar.vim V.18
Vim Tar.vim V.19
9.3
CVSSv2
CVE-2008-3075
The shellescape function in Vim 7.0 up to and including 7.2, including 7.2a.10, allows user-assisted malicious users to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the f...
Vim Vim 7.1.266
Vim Vim 7.1
Vim Vim 7.2
Vim Vim 7.1.314
Vim Zipplugin.vim V.19
Vim Zipplugin.vim V.18
Vim Vim 7.0
Vim Vim 7.2a.10
Vim Zipplugin.vim V.15
Vim Zipplugin.vim V.14
Vim Zipplugin.vim V.13
Vim Zipplugin.vim V.17
Vim Zipplugin.vim V.16
Vim Zipplugin.vim V.21
Vim Zipplugin.vim V.20
Vim Zipplugin.vim V.12
Vim Zipplugin.vim V.11
9.3
CVSSv2
CVE-2008-3076
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted malicious users to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test ...
Vim Vim 7.2a.10
1 EDB exploit
9.3
CVSSv2
CVE-2008-4101
Vim 3.0 up to and including 7.x prior to 7.2.010 does not properly escape characters, which allows user-assisted malicious users to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute...
Vim Vim 5.2
Vim Vim 5.3
Vim Vim 6.1
Vim Vim 6.2
Vim Vim 5.4
Vim Vim 5.5
Vim Vim 6.3
Vim Vim 6.4
Vim Vim 5.0
Vim Vim 5.1
Vim Vim 5.8
Vim Vim 6.0
Vim Vim
Vim Vim 3.0
Vim Vim 4.0
Vim Vim 5.6
Vim Vim 5.7
Vim Vim 7.0
Vim Vim 7.1
1 EDB exploit
9.3
CVSSv2
CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote malicious users to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, ...
Vim Vim
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
1 EDB exploit
9.3
CVSSv2
CVE-2007-3641
archive_read_support_format_tar.c in libarchive prior to 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote malicious users to cause a denial of service (crash) and possibly execute ar...
Freebsd Libarchive
7.5
CVSSv2
CVE-2021-32840
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve...
Sharpziplib Project Sharpziplib
7.5
CVSSv2
CVE-2018-1000517
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appear...
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »