Lucene search
K

151 matches found

Cvelist
Cvelist
added 2021/10/04 4:0 a.m.38 views

CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

5.3CVSS6.8AI score0.01337EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/10/04 4:0 a.m.29 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

6.5CVSS6AI score0.01337EPSS
Exploits0
OSV
OSV
added 2021/09/29 5:22 p.m.2 views

MGASA-2021-0442 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: - Integer overflow in mysqlirealescapestring - Symlinks are followed when creating PHAR archive - shmop can't read beyond 2147483647 bytes - Integer overflow on substrreplace - Heap buffer overflow via strrepeat - Integer Overflow when...

7.8AI score
Exploits0References4
Mageia
Mageia
added 2021/09/29 5:22 p.m.13 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: - Integer overflow in mysqlirealescapestring - Symlinks are followed when creating PHAR archive - shmop can't read beyond 2147483647 bytes - Integer overflow on substrreplace - Heap buffer overflow via strrepeat - Integer Overflow when...

1.9AI score
Exploits0References3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.44 views

SUSE: Security Advisory (SUSE-SU-2016:2975-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.2AI score0.0926EPSS
Exploits6References5
wpexploit
wpexploit
added 2020/08/24 12:0 a.m.26 views

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload

The aoccssimport AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php HTTP/1...

6.5CVSS0.2AI score0.13139EPSS
Exploits6References1
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.32 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2020-1572)

According to the version of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with...

5.7CVSS7.4AI score0.00813EPSS
Exploits0References2
OSV
OSV
added 2020/04/20 2:2 p.m.15 views

MGASA-2020-0178 Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmopopen Noteable changes: - Opcache chokes and uses 100% CPU on specific script - curlcopyhandle memory leak - ZipArchive::open fails on empty file...

7.5CVSS7.6AI score0.04311EPSS
Exploits1References3
Mageia
Mageia
added 2020/04/20 2:2 p.m.52 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmopopen Noteable changes: - Opcache chokes and uses 100% CPU on specific script - curlcopyhandle memory leak - ZipArchive::open fails on empty file...

7.5CVSS2.3AI score0.04311EPSS
Exploits1References2
Veracode
Veracode
added 2020/04/10 12:31 a.m.29 views

Directory Traversal

php is vulnerable to directory traversal. The vulnerability exists in the PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions...

7.5CVSS4.6AI score0.04028EPSS
Exploits1References23Affected Software1
Talos
Talos
added 2019/03/09 12:0 a.m.59 views

WAGO e!COCKPIT Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...

7.8CVSS7.8AI score0.01114EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/01 12:0 a.m.364 views

PHP 7.0.x < 7.0.0 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.x prior to 7.0.0. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability in the ZipArchive::extractTo function of ext/zip/phpzip.c script. An unauthenticated, remote...

7.5CVSS7AI score0.08276EPSS
Exploits3References5
myhack58
myhack58
added 2019/01/26 12:0 a.m.864 views

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

6.8CVSS0.1AI score0.07791EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.73 views

PHP 7.0.x < 7.0.6 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.6. It is, therefore, affected by multiple vulnerabilities : - A signedness error exists in the GD Graphics library within file gdgd2.c due to improper validation of user-supplied input when handling...

9.8CVSS9AI score0.56132EPSS
Exploits21References11
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.79 views

Musicco 2.0.0 - Arbitrary Directory Download

Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/10/02 12:0 a.m.51 views

FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)

wordpress developers report : Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before...

7.5CVSS6.3AI score0.13385EPSS
Exploits1References20
CNVD
CNVD
added 2017/09/25 12:0 a.m.54 views

WordPress ZipArchive and PclZip Component Directory Traversal Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . ZipArchive and PclZip components are among the compression/decompression components . A directory traversal...

7.5CVSS8.1AI score0.13385EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2017/09/23 8:29 p.m.44 views

CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...

7.5CVSS7.1AI score0.13385EPSS
Exploits1References3
Prion
Prion
added 2017/09/23 8:29 p.m.25 views

Directory traversal

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...

5CVSS7.4AI score0.13385EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2017/09/23 8:29 p.m.4 views

UBUNTU-CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...

7.5CVSS7.1AI score0.13385EPSS
Exploits1References4
Rows per page
Query Builder