Lucene search
+L

151 matches found

Cvelist
Cvelist
added 2023/08/30 12:0 a.m.32 views

CVE-2023-39136

An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...

5.5AI score0.00364EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/08/30 12:0 a.m.13 views

CVE-2023-39136

An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...

5.3AI score0.00364EPSS
Exploits1References4
CVE
CVE
added 2023/08/30 12:0 a.m.53 views

CVE-2023-39136

CVE-2023-39136 affects ZipArchive v2.5.4, via an unhandled edge case in the _sanitizedPath component that can cause a Denial of Service when processing a crafted zip file. Public documents consistently describe the vulnerable component and version, with remediation guidance to upgrade ZipArchive ...

5.5CVSS5.2AI score0.00364EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/30 12:0 a.m.25 views

CVE-2023-39136

An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...

5.5CVSS6.8AI score0.00364EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1470

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via a ziparchive stream that is not properly handled by the streamgetcontents function...

4.3CVSS6.6AI score0.09521EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1657

The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service application crash via certain flags arguments, as demonstrated by a GLOBALTDIRFUNC and b GLOBAPPEND...

5CVSS7.2AI score0.0515EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.5 views

SUSE CVE-2016-5773

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

9.8CVSS9.1AI score0.0926EPSS
Exploits5References7
Packet Storm
Packet Storm
added 2022/09/13 12:0 a.m.299 views

Academy Learning Management System 5.7 Shell Upload

Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...

7.4AI score
Exploits0
OSV
OSV
added 2022/06/18 9:30 p.m.28 views

MGASA-2022-0234 Updated php packages fix security vulnerability

CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...

8.8CVSS8.7AI score0.5838EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.8 views

The vulnerability of the `ziparchive::extractto` function in the PHP programming language lies in its lack of name-based path limitation, allowing attackers to create arbitrary directories.

The vulnerability of the ziparchive::extractto function in the PHP programming language is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...

4.3CVSS6.8AI score0.04542EPSS
Exploits1References15Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/25 12:0 a.m.6 views

The vulnerability of the php_zip.c component of the PHP programming language interpreter allows a attacker to execute arbitrary PHP code or cause a service failure.

The vulnerability of the phpzip.c component of the PHP programming language interpreter relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code or cause a service failure by using specially created serialized data containing a...

10CVSS8.1AI score0.0926EPSS
Exploits5References13Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/12/17 12:0 a.m.6 views

The vulnerability of the ZipArchive::extractTo function in the PHP interpreter allows a attacker to create or overwrite files.

The vulnerability of the ZipArchive::extractTo function in the PHP interpreter exists due to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to create or re-record files remotely...

7.1CVSS6.8AI score0.01337EPSS
Exploits0References7Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.296 views

PHP 7.4.x < 7.4.24 Arbitrary File Write

The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

6.5CVSS7AI score0.01337EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.187 views

PHP 7.3.x < 7.3.31 Arbitrary File Write

The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

6.5CVSS7AI score0.01337EPSS
Exploits0References3
NVD
NVD
added 2021/10/04 4:15 a.m.19 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

6.5CVSS0.01337EPSS
Exploits0References2
OSV
OSV
added 2021/10/04 4:15 a.m.22 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

6.5CVSS6.6AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/10/04 4:15 a.m.44 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

6.5CVSS6.7AI score0.01337EPSS
Exploits0References2
Prion
Prion
added 2021/10/04 4:15 a.m.56 views

Design/Logic Flaw

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

4.3CVSS6.2AI score0.01337EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/10/04 4:0 a.m.375 views

CVE-2021-21706

CVE-2021-21706 affects PHP on Windows: ZipArchive::extractTo can write files outside the target directory when extracting ZIPs. Affected are PHP 7.3.x &lt; 7.3.31, 7.4.x &lt; 7.4.24, and 8.0.x

6.5CVSS5.8AI score0.01337EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/10/04 4:0 a.m.39 views

CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

5.3CVSS6.8AI score0.01337EPSS
Exploits0References2
Rows per page
Query Builder