147 matches found
EUVD-2026-14895
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
GHSA-P68C-RMFH-J48H ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
CVE-2026-30662
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
EUVD-2014-9573
Malware in sbrugna...
EUVD-2010-3691
Malware in sbrugna...
EUVD-2021-8878
Malicious code in bioql PyPI...
EUVD-2011-1657
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-14719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. CVE-2017-14719...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
Linux Distros Unpatched Vulnerability : CVE-2011-1657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service...
BIT-PHP-MIN-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...
BIT-PHP-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the sanitizedPath component, which allows an attacker to exploit this vulnerability using a crafted zip file. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessib...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
Design/Logic Flaw
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
PT-2023-26798 · Unknown · Ziparchive
Name of the Vulnerable Software and Affected Versions: ZipArchive version 2.5.4 Description: The issue is related to an unhandled edge case in the sanitizedPath component of ZipArchive, which allows attackers to cause a Denial of Service (DoS) by using a crafted zip file. Recommendations: For...