19 matches found

Vulnrichment
added 2025/12/17 10:44 p.m., 1 view

CVE-2023-53924 UliCMS 2023.1-sniffing-vicuna Remote Code Execution via Avatar Upload

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with a .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

CVSS 8.8 | AI score 7.9 | EPSS 0.00367
Exploits: 1 | References: 3
CVE
added 2025/12/17 10:44 p.m., 6 views

CVE-2023-53921

SitemagicCMS 4.4.3 is affected by a remote code execution vulnerability via unrestricted file upload. The issue allows uploading a .phar file containing a system command execution payload into the files/images directory, enabling attackers to execute arbitrary commands on the hosting system. Docu...

CVSS 9.8 | AI score 8.3 | EPSS 0.00456
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2010-2954

Malware in sbrugna...

CVSS 6.8 | AI score 7.8 | EPSS 0.00673
Exploits: 1 | References: 17
Tenable Nessus
added 2025/03/04 12:00 a.m., 19 views

Linux Distros Unpatched Vulnerability : CVE-2016-3142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive informatio...

CVSS 8.2 | AI score 7.9 | EPSS 0.04302
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-4072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as...

CVSS 9.8 | AI score 8.5 | EPSS 0.11136
Exploits: 0 | References: 2
Github Security Blog
added 2024/05/15 9:31 p.m., 12 views

Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled. The fix consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION: The sample web server configuration in our documentation can in...

AI score 7.5
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/05/15 9:31 p.m., 9 views

GHSA-PQJM-XCP8-WGMM Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled. The fix consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION: The sample web server configuration in our documentation can in...

AI score 7.5
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:54 a.m., 1 view

SUSE CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

CVSS 9.8 | AI score 9 | EPSS 0.06501
Exploits: 0 | References: 8
OSV
added 2020/12/08 3:15 p.m., 19 views

CVE-2020-26255

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of...

CVSS 9.1 | AI score 9.4
Exploits: 0 | References: 6
OSV
added 2020/12/08 2:42 p.m., 14 views

GHSA-G3H8-CG9X-47QW Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

Impact: An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...

CVSS 6.8 | AI score 9.5 | EPSS 0.01108
Exploits: 0 | References: 8
Check Point Advisories
added 2018/08/20 12:00 a.m., 2 views

WordPress Core Phar Insecure Deserialization

An insecure deserialization vulnerability exists in WordPress core. The vulnerability is due to the lack of input validation in the PHP phar stream wrapper. Successful exploitation of this vulnerability could allow a remote authenticated attacker with at least author-level privileges to execute...

AI score 5.1
Exploits: 0
RedHat Linux
added 2018/05/03 5:06 a.m., 4 views

php: Out-of-bounds read in phar_parse_pharfile

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c...

CVSS 9.1 | AI score 7.4 | EPSS 0.03691
Exploits: 1 | References: 4
OpenVAS
added 2016/05/25 12:00 a.m., 82 views

Ubuntu: Security Advisory (USN-2984-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.1 | EPSS 0.48113
Exploits: 22 | References: 2
Debian
added 2015/11/08 6:51 p.m., 62 views

[SECURITY] [DLA 341-1] php5 security update

Package: php5. Version: 5.3.3.1-7+squeeze28. CVE ID: CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804. CVE-2015-6831: A use-after-free vulnerability was found in the unserialize function. We can create a ZVAL and free it via...

CVSS 9.8 | AI score 9.3 | EPSS 0.35455
Exploits: 4
Ubuntu
added 2015/09/30 8:10 p.m., 98 views

USN-2758-1: PHP vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. CVE-2015-5589: It was discovered that the PHP phar extension incorrectly handled certain file paths. A remote attacker cou...

CVSS 10 | AI score 8.7 | EPSS 0.35455
Exploits: 8
Tenable Nessus
added 2015/07/20 12:00 a.m., 49 views

FreeBSD : php-phar -- multiple vulnerabilities (8b1f53f3-2da5-11e5-86ff-14dae9d210b8)

reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in phar_fix_filepath. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018...

CVSS 10 | AI score 8.7 | EPSS 0.10384
Exploits: 1 | References: 8
FreeBSD
added 2015/06/24 12:00 a.m., 45 views

php-phar -- multiple vulnerabilities

reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in phar_fix_filepath...

CVSS 10 | AI score 8.7 | EPSS 0.10384
Exploits: 1 | References: 5
OpenVAS
added 2011/01/14 12:00 a.m., 38 views

Mandriva Update for php-phar MDVSA-2011:004 (php-phar)

Check for the version of php-phar. OpenVAS Vulnerability Test: Mandriva Update for php-phar MDVSA-2011:004 (php-phar). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...

CVSS 6.8 | EPSS 0.03086
Exploits: 1 | References: 2
OpenVAS
added 2011/01/14 12:00 a.m., 27 views

Mandriva Update for php-phar MDVSA-2011:004 (php-phar)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8 | AI score 5.2 | EPSS 0.03086
Exploits: 1 | References: 2