14 matches found
Archive_Tar contains Potential RCE if filename starts with phar://
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
GHSA-3Q76-JQ6M-573P Archive_Tar contains Potential RCE if filename starts with phar://
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
Ghost Foundation node-sqlite3 code execution vulnerability
Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...
Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2019-1121)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-1000888
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
EulerOS 2.0 SP2 : php-pear (EulerOS-SA-2019-1121)
According to the version of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations wit...
EulerOS 2.0 SP5 : php-pear (EulerOS-SA-2019-1147)
According to the version of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations wit...
Amazon Linux 2 : php-pear (ALAS-2019-1159)
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
Arbitrary file deletion
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
CVE-2018-1000888
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
CVE-2018-1000888
PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can trigger...
Proxmox VE 34 - Insecure Hostname Checking Remote Command Execution
Proxmox VE 34 - Insecure Hostname Checking Remote Command Execution ===================================================================== Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit, XSS, Privileges escalation =====================================================================...
Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit
Exploit for linux platform in category remote exploits ===================================================================== Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit, XSS, Privileges escalation ===================================================================== Description...
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
===================================================================== Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit, XSS, Privileges escalation ===================================================================== Description =========== Proxmox is a popular virtualization solutio...