Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ark vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-4227
The ark-commenteditor WordPress plugin up to and including 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing malicious users to inject an iFrame in the page and thus load arbitrary content from any page to the comment section
Obg Ark Wysiwyg Comment Editor
7.8
CVSSv3
CVE-2017-5330
ark prior to 16.12.1 might allow remote malicious users to execute arbitrary code via an executable in an archive, related to associated applications.
Fedoraproject Fedora 25
Kde Ark
3.3
CVSSv3
CVE-2020-16116
In kerfuffle/jobs.cpp in KDE Ark prior to 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Kde Ark
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
1 Article
3.3
CVSSv3
CVE-2020-24654
In KDE Ark prior to 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
Kde Ark
Canonical Ubuntu Linux 16.04
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.1
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 33
NA
CVE-2011-2725
Directory traversal vulnerability in Ark 4.7.x and previous versions allows remote malicious users to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
Kde Kde Sc 4.7.1
Kde Kde Sc 4.7.2
Kde Kde Sc 4.7.3
Kde Kde Sc
Kde Ark
Kde Kde Sc 4.7.0
Opensuse Opensuse 11.4
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.10
8.8
CVSSv3
CVE-2021-26615
ARK library allows malicious users to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
Bandisoft Ark Library 7.13.0.3
9.8
CVSSv3
CVE-2021-26623
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
Bandisoft Bandizip
7.8
CVSSv3
CVE-2021-26603
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
Bandisoft Ark Library
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2