Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu tar vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.15.91
Gnu Tar 1.16
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14.90
Gnu Tar 1.15
4
CVSSv2
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted malicious users to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract...
Gnu Tar 1.16
Gnu Tar 1.15.1
1 EDB exploit
5.1
CVSSv2
CVE-2006-0300
Buffer overflow in tar 1.14 up to and including 1.15.90 allows user-assisted malicious users to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Gnu Tar 1.14.1
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.14
2.6
CVSSv2
CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted malicious users to overwrite arbitrary files via a crafted tar file, probably involving &q...
Gnu Tar 1.13.25
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux Desktop 3.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
10
CVSSv2
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote malicious users to gain privileges.
Gnu Tar 1.15.1
6 Github repositories
5
CVSSv2
CVE-2002-1216
GNU tar 1.13.19 and other versions prior to 1.13.25 allows remote malicious users to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Gnu Tar 1.13.19
Gnu Tar
5
CVSSv2
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 up to and including 1.13.25, and possibly later versions, allows malicious users to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash b...
Gnu Tar 1.13.25
2.1
CVSSv2
CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and previous versions allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
Gnu Tar
7.5
CVSSv2
CVE-1999-0997
wu-ftp with FTP conversion enabled allows an malicious user to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
Millenux Gmbh Anonftp 2.8.1
University Of Washington Wu-ftpd 2.5.0
University Of Washington Wu-ftpd 2.6.0
University Of Washington Wu-ftpd 2.4.2
Redhat Linux 6.1
Redhat Linux 5.2
Redhat Linux 6.0
1 EDB exploit
7.5
CVSSv2
CVE-1999-0202
The GNU tar command, when used in FTP sessions, may allow an malicious user to execute arbitrary commands.
University Of Washington Wu-ftpd 2.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3