EUVD-2025-202933
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...
CVE-2025-34506
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...
CVE-2025-34506 WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...
FreeBSD : Erlang - Absolute Path in Zip Module (237f4f57-b50f-11f0-ae9b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 237f4f57-b50f-11f0-ae9b-b42e991fc52e advisory. https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a...
Erlang - Absolute Path in Zip Module
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...
MAL-2024-12272 Malicious code in filecraft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3d0eec02526b659b5e856c211e05be1842dc283ed0b7d07dc90574ea5c7dc34a During the installation, the package iterates its files and attempts to import a hidden module - which is embedded as ZIP archive in the image file --- Categor...
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
Ubuntu: Security Advisory (USN-3703-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Low: php72, php73
Issue Overview: The flaw is in phar_parse_zipfile of ext/phar/zip.c. When processing a PHP archive file (phar), if a persistent entry is used as defined in php.ini, then memory pointed to by the actual_alias pointer is freed. Directly after the free, the actual_alias pointer is passed to...
MGASA-2018-0311 Updated perl-Archive-Zip packages fix security vulnerability
It was discovered that the Archive::Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information CVE-2018-10860...
USN-3703-1 libarchive-zip-perl vulnerability
It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information...
Debian Security Advisory DSA 2266-1 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2266-1. OpenVAS Vulnerability Test $Id: deb22661.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2266-1 php5 Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
Debian DSA-2266-1 : php5 - several vulnerabilities
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. - CVE-2010-2531 An information leak was found in the var_export function. - CVE-2011-0421 The Zip module could crash. - CVE-2011-0708 An integer overflow was...
[SECURITY] [DSA 2266-1] php5 security update
Debian Security Advisory DSA-2266-1 http://www.debian.org/security/ Moritz Muehlenhoff June 29, 2011 http://www.debian.org/security/faq -...
DSA-2266-1 php5 - several
Bulletin has no description...
Ubuntu Update for php5 regression USN-424-2
Ubuntu Update for Linux kernel vulnerabilities USN-424-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN4242.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 regression USN-424-2 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net...
Ubuntu Update for php5 vulnerabilities USN-424-1
Ubuntu Update for Linux kernel vulnerabilities USN-424-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4241.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-424-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)
Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Multiple buffer overflows have been discovered in various PHP modules. If a PHP application...
USN-424-2: PHP regression
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple buffer overflows have been discovered in various PHP modules...