150 matches found
EUVD-2026-14895
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
GHSA-P68C-RMFH-J48H ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
CVE-2026-30662
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
EUVD-2014-9573
Malware in sbrugna...
EUVD-2010-3691
Malware in sbrugna...
EUVD-2011-1657
Malicious code in bioql PyPI...
EUVD-2021-8878
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-14719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. CVE-2017-14719...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
Linux Distros Unpatched Vulnerability : CVE-2011-1657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service...
BIT-PHP-MIN-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...
BIT-PHP-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the sanitizedPath component, which allows an attacker to exploit this vulnerability using a crafted zip file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessib...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
Design/Logic Flaw
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
CVE-2023-39136
CVE-2023-39136 affects ZipArchive v2.5.4, via an unhandled edge case in the _sanitizedPath component that can cause a Denial of Service when processing a crafted zip file. Public documents consistently describe the vulnerable component and version, with remediation guidance to upgrade ZipArchive ...
PT-2023-26798 · Unknown · Ziparchive
Name of the Vulnerable Software and Affected Versions: ZipArchive version 2.5.4 Description: The issue is related to an unhandled edge case in the sanitizedPath component of ZipArchive, which allows attackers to cause a Denial of Service DoS by using a crafted zip file. Recommendations: For...