23 matches found

Cvelist
added 2025/12/18 7:53 p.m., 22 views

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

9.4 CVSS, 0.00117 EPSS
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-1476

Malware in sbrugna...

4.3 CVSS, 6 AI score, 0.08045 EPSS
Exploits: 2, References: 15

Tenable Nessus
added 2025/09/11 12:0 a.m., 4 views

Oracle Linux 8 : php:8.2 (ELSA-2025-15687)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15687 advisory. libzip php 8.2.28-1 - rebase to 8.2.28 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip Tenable has extracted the preceding descripti...

9.8 CVSS, 7.2 AI score, 0.01153 EPSS
Exploits: 5, References: 9

Tenable Nessus
added 2025/03/04 12:0 a.m., 20 views

Linux Distros Unpatched Vulnerability : CVE-2016-5773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garba...

9.8 CVSS, 8.8 AI score, 0.16127 EPSS
Exploits: 5, References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2016-7414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which...

9.8 CVSS, 8.2 AI score, 0.01496 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 16 views

Linux Distros Unpatched Vulnerability : CVE-2011-0421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might...

4.3 CVSS, 8 AI score, 0.0823 EPSS
Exploits: 7, References: 2

SUSE CVE
added 2023/02/15 6:4 a.m., 1 views

SUSE CVE-2009-1272

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...

5 CVSS, 6.8 AI score, 0.02169 EPSS
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 5:54 a.m., 3 views

SUSE CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a...

4.3 CVSS, 6.9 AI score, 0.0823 EPSS
Exploits: 7, References: 4

SUSE CVE
added 2023/02/15 5:53 a.m., 1 views

SUSE CVE-2011-1470

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function...

4.3 CVSS, 6.6 AI score, 0.03058 EPSS
Exploits: 2, References: 3

SUSE CVE
added 2023/02/15 5:0 a.m., 2 views

SUSE CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash)...

9.8 CVSS, 9.1 AI score, 0.16127 EPSS
Exploits: 5, References: 7

OSV
added 2018/06/15 6:29 p.m., 2 views

CVE-2018-12491

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 1

OSV
added 2016/08/07 10:59 a.m., 19 views

CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash)...

9.8 CVSS, 9.3 AI score
Exploits: 0, References: 12

Prion
added 2016/08/07 10:59 a.m., 36 views

Integer overflow

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive...

7.5 CVSS, 8.3 AI score, 0.48113 EPSS
Exploits: 5, References: 7, Affected Software: 1

OpenVAS
added 2016/05/25 12:0 a.m., 82 views

Ubuntu: Security Advisory (USN-2984-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 8.1 AI score, 0.48113 EPSS
Exploits: 22, References: 2

OSV
added 2016/04/29 12:0 a.m., 0 views

UBUNTU-CVE-2016-3078

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive...

9.8 CVSS, 7.6 AI score, 0.48113 EPSS
Exploits: 5, References: 4

UbuntuCve
added 2016/04/29 12:0 a.m., 40 views

CVE-2016-3078

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive...

9.8 CVSS, 7.3 AI score, 0.48113 EPSS
Exploits: 5, References: 3

CNVD
added 2015/03/31 12:0 a.m., 1 views

PHP ZIP extension _zip_cdir_new function integer overflow vulnerability

PHP is a popular programming language. An integer overflow vulnerability in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2, used in the PHP ZIP extension, allows remote attackers to exploit via a special ZIP archive to crash an application or execute arbitrary code...

7.5 CVSS, 7.8 AI score, 0.4271 EPSS
Exploits: 1, References: 1

OSV
added 2015/03/30 10:59 a.m., 1 views

DEBIAN-CVE-2015-2331

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...

7.5 CVSS, 6.4 AI score, 0.4271 EPSS
Exploits: 1, References: 1

OSV
added 2014/04/04 5:54 p.m., 2 views

MGASA-2014-0164 Updated libzip package fixes crashes using php-zip

The libzip library has been updated to version 0.11.2, which fixes crashes that affected php-zip and possibly other users of the library...

7.2 AI score
Exploits: 0, References: 3

Mageia
added 2014/04/04 5:54 p.m., 18 views

Updated libzip package fixes crashes using php-zip

The libzip library has been updated to version 0.11.2, which fixes crashes that affected php-zip and possibly other users of the library...

3.1 AI score
Exploits: 0, References: 2