Drupal 7.x < 7.75 / 8.x < 8.8.12 / 8.9.x < 8.9.10 / 9.0.x < 9.0.9 Multiple Vulnerabilities (SA-CORE-2020-013)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.75, 8.x prior to 8.8.12, 8.9.x prior to 8.9.10, or 9.0.x prior to 9.0.9. It is, therefore, affected by multiple vulnerabilities: - ArchiveTar through 1.4.10 allows an unserialization...

Debian: Security Advisory (DLA-2465-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2465-1 : php-pear security update

It was discovered that there was a filename sanitisation issue in php-pear, a distribution system for reusable PHP components. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.1+submodules+notgz-9+deb9u2. We recommend that you upgrade your php-pear packages. For the detailed...

WinSCP Buffer Overflow Vulnerability

WinSCP is a free open source SFTP, FTP, WebDAV, Amazon S3 and SCP client for Microsoft Windows. A buffer overflow vulnerability exists in WinSCP 5.17.8. An attacker can exploit this vulnerability to cause a denial of service via a malicious FTP server via a long filename...

[SECURITY] [DLA 2465-1] php-pear security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2465-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 23, 2020 https://wiki.debian.org/LTS -...

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

CVE-2020-13671

Removed by vendor...

PHAR Unserialization

pear/archivetar is vulnerable to PHAR unserialization. The vulnerability exists due to the improper validation of filename that allows a filename that starts with PHAR:// to be executed...

Potential file overwrite if archive filename starts with file://

I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

Code injection

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-28949

CVE-2020-28949 affects PEAR Archive_Tar (v1.4.10 and earlier). The issue is that Archive_Tar’s filename sanitization only addressed phar attacks; other stream-wrapper attacks (e.g., file://) can overwrite files, enabling potential arbitrary file writes. Affected ecosystem includes PHP-pear compon...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

Drupal Remote Code Execution Vulnerability (CNVD-2020-64563)

Drupal is an open source content management system developed by the Drupal community using the PHP language. A remote code execution vulnerability exists in Drupal. The vulnerability is due to Drupal core failing to properly handle certain filenames in uploaded files, which can be exploited by an...

Pear Archive_Tar Injection Vulnerability

Pear ArchiveTar is a Php-based software from the Pear PEAR team that can create and extract tarballs. A security vulnerability exists in ArchiveTar version 1.4.10 and earlier versions, which stems from the :// filename sanitization attack only for phar, so any other stream-wrapper file:// to...

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...