151 matches found
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
CVE-2023-39136
CVE-2023-39136 affects ZipArchive v2.5.4, via an unhandled edge case in the _sanitizedPath component that can cause a Denial of Service when processing a crafted zip file. Public documents consistently describe the vulnerable component and version, with remediation guidance to upgrade ZipArchive ...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service DoS via a crafted zip file...
SUSE CVE-2011-1470
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via a ziparchive stream that is not properly handled by the streamgetcontents function...
SUSE CVE-2011-1657
The 1 ZipArchive::addGlob and 2 ZipArchive::addPattern functions in ext/zip/phpzip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service application crash via certain flags arguments, as demonstrated by a GLOBALTDIRFUNC and b GLOBAPPEND...
SUSE CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
Academy Learning Management System 5.7 Shell Upload
Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...
MGASA-2022-0234 Updated php packages fix security vulnerability
CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...
The vulnerability of the `ziparchive::extractto` function in the PHP programming language lies in its lack of name-based path limitation, allowing attackers to create arbitrary directories.
The vulnerability of the ziparchive::extractto function in the PHP programming language is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...
The vulnerability of the php_zip.c component of the PHP programming language interpreter allows a attacker to execute arbitrary PHP code or cause a service failure.
The vulnerability of the phpzip.c component of the PHP programming language interpreter relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code or cause a service failure by using specially created serialized data containing a...
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter allows a attacker to create or overwrite files.
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter exists due to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to create or re-record files remotely...
PHP 7.4.x < 7.4.24 Arbitrary File Write
The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
PHP 7.3.x < 7.3.31 Arbitrary File Write
The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
Design/Logic Flaw
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2021-21706
CVE-2021-21706 affects PHP on Windows: ZipArchive::extractTo can write files outside the target directory when extracting ZIPs. Affected are PHP 7.3.x < 7.3.31, 7.4.x < 7.4.24, and 8.0.x
CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...