GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.
References
- ZDI-26-077 x_research-advisory
Affected products
- ==15.10
Matching in nixpkgs
pkgs.archiver
Easily create & extract archives, and compress & decompress files of various formats
pkgs.xarchiver
GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)
pkgs.fsarchiver
File system archiver for linux
pkgs.the-unarchiver
Unpacks archive files
pkgs.lxqt.lxqt-archiver
Archive tool for the LXQt desktop environment
pkgs.CuboCore.corearchiver
Archiver from the C Suite to create and extract archives
pkgs.wayback-machine-archiver
Python script to submit web pages to the Wayback Machine for archiving
pkgs.python312Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
pkgs.python313Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
pkgs.python314Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
Package maintainers
-
@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
-
@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
-
@jchv John Chadwick <johnwchadwick@gmail.com>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@PapayaJackal PapayaJackal
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
-
@domenkozar Domen Kozar <domen@dev.si>