13 matches found
EUVD-2011-1087
Malware in sbrugna...
EUVD-2007-2512
Malware in sbrugna...
SUSE CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
Mandriva Linux Security Advisory : php-pear (MDVSA-2011:187)
A vulnerability has been discovered and corrected in php-pear : The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different...
php-pear: symlink vulnerability in PEAR installer
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
Design/Logic Flaw
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
Design/Logic Flaw
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite source: https://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribut...