151 matches found
UBUNTU-CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...
CVE-2017-14719
CVE-2017-14719 : WordPress
CVE-2017-14719
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components...
wordpress -- multiple issues
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...
WordPress: Wordpress unzip_file path traversal
Summary The Wordpress unzipfile function https://codex.wordpress.org/FunctionReference/unzipfile is vulnerable to path traversal when extracting zip files. Extracting untrusted zip files using this function this could lead to code execution through placing arbitrary PHP files in the DocumentRoot ...
SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:2975-1)
This update for php5 fixes the following issues : - CVE-2016-9137: Use After Free in unserialize bsc1008029 - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC bsc986247 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
Design/Logic Flaw
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
CVE-2016-3078
CVE-2016-3078 affects the PHP zip extension (php_zip.c). A crafted ZIP file can trigger an integer overflow in getFromIndex/getFromName within ZipArchive, leading to a heap-based overflow and plausible denial of service or other impact. Affects PHP versions prior to 7.0.6; patched in 7.0.6+ (and ...
Fedora 23 : php-pecl-zip (2016-4f3c77ef90)
Version 1.13.3 - Fixed bug php71923 integer overflow in ZipArchive::getFrom. CVE-2016-3078 Stas - Fixed bug php72258 ZipArchive converts filenames to unrecoverable form. Anatol - Fixed bug php72434 ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize. Dmitry Note th...
Fedora 24 : php-pecl-zip (2016-79ac80a0d5)
Version 1.13.3 - Fixed bug php71923 integer overflow in ZipArchive::getFrom. CVE-2016-3078 Stas - Fixed bug php72258 ZipArchive converts filenames to unrecoverable form. Anatol - Fixed bug php72434 ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize. Dmitry Note th...
Security update for php5 (important)
php5 was updated to fix nine security issues. These security issues were fixed: - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize bsc986247. - CVE-2016-5772: Double Free Courruption in wddxdeserialize bsc986244. - CVE-2016-5771: Use After Free...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
PHP memory misreference vulnerability (CNVD-2016-04368)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in PHP's GC algorithm and unserialize function, which can be exploited by remote attackers to execute...
Internet Bug Bounty: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://bugs.php.net/bug.php?id=72434 This vulnerability was discovered during the auditing of a vendor on Hackerone. Similar to our other submission on bugs.php.net and here, this vulnerability is remotely exploitable. Please feel free to ask for more technical details if necessary. Thank you fo...
CVE-2014-9767
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...
CVE-2014-9767
CVE-2014-9767 is a directory traversal vulnerability in PHP’s ZipArchive::extractTo (ext/zip/php_zip.c) and HHVM’s ext/zip/ext_zip.cpp. It affects PHP versions before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, as well as HHVM before 3.12.1, allowing remote attackers to create arbitrary...