RSS   Vulnerabilities for 'PEAR'   RSS

2011-03-02
 
CVE-2011-1144

CWE-59
 

 
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

 
 
CVE-2011-1072

CWE-59
 

 
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

 
2006-01-09
 
CVE-2006-0144

CWE-94
 

 
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

 
2005-12-10
 
CVE-2005-4154

 

 
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

 

 >>> Vendor: PHP 22 Products
PHP
Php fi
Phpsquidpass
PEAR
Comoblog
Php script index
Directory listing script
Animated smiley generator
Errordocs
Phorum
Blog cms
Ar memberscript
BLOQ
Com extensions
Mysql extension
Mysql banner exchange
F1 maxs file uploader
Xhprof
Php perl hot links
Pecl http
Pear archive tar
Imagick


Copyright 2019, cxsecurity.com

 

Back to Top