ZDI-24-107: Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability | allinfosecnews.com

Feb. 9, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22504.

arbitrary code attackers authentication can code code execution cve cves cvss directory directory traversal exploit mechanism rating remote code remote code execution vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-557: Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-556: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-555: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

attackers cvss disclosure exploit +16

ZDI-24-529: (Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

attacker attackers code cves +22

ZDI-24-528: (Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

attacker attackers code cvss +21

ZDI-24-527: (Pwn2Own) [Collision] VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

attacker attackers code collision +24

ZDI-24-554: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-553: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-552: Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability 2 days, 9 hours ago | www.zerodayinitiative.com

attackers cvss disclosure exploit +15

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com