26 matches found
EUVD-2005-4149
Malware in sbrugna...
EUVD-2011-1087
Malware in sbrugna...
EUVD-2007-2512
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2011-1144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1...
SUSE CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
SUSE CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
SUSE CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
PHP <= 5.6.0 'PEAR' Symlink Attack Vulnerability
PHP is prone to a symlink attack vulnerability in the included PEAR installer. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian DSA-2408-1 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. -...
DSA-2408-1 php5 - several
Bulletin has no description...
php-pear: symlink vulnerability in PEAR installer
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
USN-1126-1: PHP vulnerabilities
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. CVE-2011-0441 Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...
CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
Design/Logic Flaw
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...
CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
Mandriva Update for php-pear MDKSA-2007:110 (php-pear)
Check for the Version of php-pear OpenVAS Vulnerability Test Mandriva Update for php-pear MDKSA-2007:110 php-pear Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandrake Linux Security Advisory : php-pear (MDKSA-2007:110)
A security hole was discovered in all versions of the PEAR Installer http://pear.php.net/PEAR. The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who...