35 matches found

Tenable Nessus
added 2019/01/09 12:00 a.m. | 64 views

PHP 5.6.x < 5.6.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file ext/wddx/wddx.c in the php_wddx_pop_element function when handling XML data. An unauthenticated,...

9.8 CVSS | 8.9 AI score | 0.35438 EPSS
Exploits 0 | References 3

CVE
added 2016/05/22 1:00 a.m. | 379 views

CVE-2014-9767

CVE-2014-9767 is a directory traversal vulnerability in PHP’s ZipArchive::extractTo (ext/zip/php_zip.c) and HHVM’s ext/zip/ext_zip.cpp. It affects PHP versions before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, as well as HHVM before 3.12.1, allowing remote attackers to create arbitrary...

4.3 CVSS | 6.9 AI score | 0.04542 EPSS
Exploits 1 | References 14 | Affected Software 1

Cvelist
added 2016/05/22 1:00 a.m. | 43 views

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

6.7 AI score | 0.04542 EPSS
Exploits 1 | References 14

Tenable Nessus
added 2016/03/17 12:00 a.m. | 56 views

PHP 7.0.x < 7.0.4 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.4. It is, therefore, affected by multiple vulnerabilities: - A type confusion error exists in file ext/soap/php_http.c in the make_http_soap_request function when handling cookie data. An...

9.8 CVSS | 8.8 AI score | 0.05666 EPSS
Exploits 3 | References 5

UbuntuCve
added 2014/12/31 12:00 a.m. | 33 views

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

4.3 CVSS | 6.9 AI score | 0.04542 EPSS
Exploits 1 | References 2

seebug.org
added 2011/04/28 12:00 a.m. | 10 views

PHP <5.2.6 ZipArchive::extractTo() function .zip file directory traversal vulnerability

No description provided by source...

7.1 AI score
Exploits 0

seebug.org
added 2009/12/15 12:00 a.m. | 11 views

PHP extractTo function makes unauthorized directories writable

No description provided by source...

7.1 AI score
Exploits 0

Tenable Nessus
added 2009/04/23 12:00 a.m. | 37 views

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1)

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....

10 CVSS | 7.7 AI score | 0.07371 EPSS
Exploits 9 | References 11

NVD
added 2008/12/17 8:30 p.m. | 19 views

CVE-2008-5658

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences...

7.5 CVSS | 9.3 AI score | 0.04028 EPSS
Exploits 1 | References 21

Prion
added 2008/12/17 8:30 p.m. | 25 views

Directory traversal

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences...

7.5 CVSS | 6.5 AI score | 0.04028 EPSS
Exploits 1 | References 21 | Affected Software 1

Cvelist
added 2008/12/17 8:00 p.m. | 26 views

CVE-2008-5658

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences...

8.5 AI score | 0.04028 EPSS
Exploits 1 | References 21

CVE
added 2008/12/17 8:00 p.m. | 171 views

CVE-2008-5658

CVE-2008-5658: A directory traversal vulnerability in PHP before or equal to 5.2.6 affects ZipArchive::extractTo, allowing a context-dependent attacker to write arbitrary files via a ZIP entry name containing .. sequences. The initial description identifies the affected software as PHP 5.2.6 and...

7.5 CVSS | 8.5 AI score | 0.04028 EPSS
Exploits 1 | References 21 | Affected Software 1

seebug.org
added 2008/12/09 12:00 a.m. | 122 views

PHP ZipArchive::extractTo() function .zip file directory traversal vulnerability

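BUGTRAQ ID: 32625. PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The zip extension bundled with PHP uses ZipArchive::extractTo to extract user-uploaded zip archives into a temporary directory, but it does not correctly filter the file names stored in the archive during extraction, so extracting a zip archive that contains relative file names can cause files to be created or overwritten outside the temporary directory. PHP 5.2.7 PHP --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.php.net...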

6.9 AI score
Exploits 0

securityvulns
added 2008/12/04 12:00 a.m. | 21 views

PHP ZipArchive::extractTo() directory traversal

Directory traversal when unpacking ZIP files...

3.3 AI score
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2008/12/04 12:00 a.m. | 21 views

SE-2008-06.txt

SektionEins GmbH, www.sektioneins.de. Security Advisory. Advisory: PHP ZipArchive::extractTo Directory Traversal Vulnerability. Release Date: 2008/12/04. Last Modified: 2008/12/04. Author: Stefan Esser (stefan.esser at sektioneins.de). Application: PHP 5 =...

7.4 AI score
Exploits 0