NomanProdhan

icon indicating a website link https://nomanprodhan.com

icon location Hi, I am Noman. A Cyber Security Enthusiast from Bangladesh.

Results 3 issues of NomanProdhan

DoS: WireFileTools::unzip() extracts archives before validation with no size/entry limits → lang-edit user can trigger GB-scale expansion

8 comment

### CVE-2025-60790 — ProcessWire 3.0.246 DoS via unlimited pre-validation ZIP extraction in Language Support - **Components:** WireUpload::saveUploadZip(), WireFileTools::unzip() - **Who can exploit:** User with `lang-edit` - **Impact:** Resource-exhaustion (CPU/disk) -...

Unauthenticated arbitrary file upload in bundled demo endpoint leads to code execution in common deployments

**Component/Path:** - `libs/jQuery-File-Upload/server/php/index.php` (demo endpoint that instantiates `UploadHandler`) - Upload directory: `libs/jQuery-File-Upload/server/php/files/` - Upload policy source: `libs/jQuery-File-Upload/server/php/UploadHandler.php` (`accept_file_types => /.+$/i`) **Tested Version:** [v2.7.6](https://github.com/psolom/RichFilemanager/tree/v2.7.6) **Environment:** PHP `8.4.11`, served by `php -S...

XMLPrinter::Write: size_t→int truncation causes incorrect buffer growth and OOM

## Description `tinyxml2::XMLPrinter::Write(const char* data, size_t size)` narrows `size` to `int` when growing the internal buffer, then copies `size` bytes. If `size > INT_MAX`, this truncation/underflow feeds an incorrect count...