8 matches found
Pear Archive_Tar 安全漏洞
Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...
Pear Archive_Tar 安全漏洞
Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...
GHSA-F3XW-VGC7-F7H8 PEAR::Archive_Tar Directory Traversal vulnerability
Directory traversal vulnerability in PEAR::ArchiveTar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive...
Backdrop CMS 后置链接漏洞
Backdrop CMS is an open source content management system CMS. A backlink vulnerability exists in Backdrop CMS. The vulnerability stems from the use of the third-party PEAR ArchiveTar library and could allow a remote attacker to execute arbitrary code on the system...
Vulnerability fixed in PEAR
A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...
Pear Archive_Tar Injection Vulnerability
Pear ArchiveTar is a Php-based software from the Pear PEAR team that can create and extract tarballs. A security vulnerability exists in ArchiveTar version 1.4.10 and earlier versions, which stems from the :// filename sanitization attack only for phar, so any other stream-wrapper file:// to...
Pear Archive_Tar Code Issue Vulnerability
Pear ArchiveTar is a Php-based software from the Pear PEAR team that can perform creation, extraction, etc. on tarballs. A security vulnerability exists in ArchiveTar version 1.4.10 and earlier versions that allows deserialization attacks because phar: is blocked while phar: is not...
USN-3857-1 php-pear vulnerability
Fariskhi Vidyan discovered that PEAR ArchiveTar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code...