CVE-2026-4200

CVE-2026-4200 describes a server-side request forgery in glowxq-oj, affecting the function uploadTestcaseZipUrl in ProblemCaseController.java of glowxq/oj. The vulnerability stems from manipulating the upload path/parameters, allowing remote initiation of requests. Public exploitation is noted, w...

EUVD-2016-7227

Malware in sbrugna...

EUVD-2007-1454

Malware in sbrugna...

PT-2024-12039 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.210 Description: An issue in ProcessWire allows attackers to execute arbitrary code and install a reverse shell via the download zip url parameter when installing a new module. This issue is disputed as it requires the...

ProcessWire security vulnerability

ProcessWire is a friendly and powerful open source CMS with a robust API. A security vulnerability exists in ProcessWire version 3.0.210, which originates from a vulnerability that allows an attacker to install a reverse shell via the downloadzipurl parameter when installing a new module and...

SUSE CVE-2016-6297

Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...

php: Stack-based buffer overflow vulnerability in php_stream_zip_opener

Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...

CVE-2016-6297

Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...

Integer overflow

Integer overflow in the phpstreamzipopener function in ext/zip/zipstream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted zip:// URL...

CVE-2016-6297

Removed by vendor...

Directory traversal

Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control NeffyLauncher.dll in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. dot dot in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this...

CVE-2007-1399

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or...

PT-2007-2793

Name of the Vulnerable Software and Affected Versions PECL ZIP versions 1.8.3 and earlier PHP versions 5.2.0 and 5.2.1 Description The issue is a stack-based buffer overflow in the zip:// URL wrapper. This allows remote attackers to execute arbitrary code via a long zip:// URL. Attackers can...