Filtered by vendor Pear
Subscribe
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24953 | 1 Pear | 1 Crypt Gpg | 2022-02-25 | 5.0 MEDIUM | 5.3 MEDIUM |
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. | |||||
CVE-2017-5677 | 1 Pear | 1 Html Ajax | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. | |||||
CVE-2005-1921 | 1 Pear | 1 Xml Rpc | 2018-10-19 | 7.5 HIGH | N/A |
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | |||||
CVE-2006-0869 | 1 Pear | 1 Pear Liveuser | 2018-10-18 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie. | |||||
CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2018-10-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||||
CVE-2006-0932 | 1 Pear | 1 Pear Archive Zip | 2018-10-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. | |||||
CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2018-10-18 | 7.5 HIGH | N/A |
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | |||||
CVE-2009-4023 | 1 Pear | 1 Pear | 2017-08-16 | 7.5 HIGH | N/A |
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. | |||||
CVE-2009-4024 | 1 Pear | 1 Pear | 2017-08-16 | 10.0 HIGH | N/A |
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. | |||||
CVE-2009-4025 | 1 Pear | 1 Pear | 2017-08-16 | 10.0 HIGH | N/A |
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-5934 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2011-03-07 | 4.3 MEDIUM | N/A |
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | |||||
CVE-2007-3628 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2011-03-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | |||||
CVE-2009-4111 | 1 Pear | 1 Mail | 2010-12-06 | 6.8 MEDIUM | N/A |
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. | |||||
CVE-2005-4730 | 1 Pear | 1 Text Password | 2008-09-05 | 10.0 HIGH | N/A |
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds. |