RSS   Vulnerabilities for 'PEAR'   RSS

2011-03-02
 
CVE-2011-1144

CWE-59
 

 
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

 
 
CVE-2011-1072

CWE-59
 

 
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

 
2006-01-09
 
CVE-2006-0144

CWE-94
 

 
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

 
2005-12-10
 
CVE-2005-4154

 

 
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

 

 >>> Vendor: PHP 25 Products
PHP
Php fi
Phorum
Phpsquidpass
PEAR
Blog cms
Pear archive tar
Comoblog
Php script index
Directory listing script
Animated smiley generator
Errordocs
Ar memberscript
BLOQ
Com extensions
Mysql extension
Mysql banner exchange
F1 maxs file uploader
Xhprof
Php perl hot links
Pecl http
Imagick
Ext-http
Archive tar
Pearweb


Copyright 2024, cxsecurity.com

 

Back to Top