Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.