CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Fedora•added 2022/11/11 12:50 a.m.•21 views

[SECURITY] Fedora 35 Update: php-pear-CAS-1.6.0-1.fc35

This package is a PEAR library for using a Central Authentication Service. Autoloader: %pearphpdir/CAS/Autoload.php...

8CVSS3.2AI score0.00989EPSS

Exploits0

BDU FSTEC•added 2022/04/06 12:0 a.m.•2 views

The vulnerability lies in the implementation of the `mt_rand()` and `time()` functions in the pearweb package’s PHP classes from the PEAR library. This allows an attacker to gain unauthorized access to protected information or execute arbitrary code.

The vulnerability in the implementation of the mtrand and time functions in the pearweb package’s PHP class library in the PEAR library is related to the use of an insufficiently secure MD5 encryption algorithm. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...

7.8CVSS5.8AI score

Exploits0References6Affected Software1

BDU FSTEC•added 2021/07/15 12:0 a.m.•1 views

The vulnerability of the _maliciousfilename function in the Archive_Tar class of the PHP classes in the PEAR library allows a malicious actor to execute arbitrary PHP code.

The vulnerability of the maliciousfilename function in the ArchiveTar class of the PHP classes in the PEAR library is related to the restoration of a unreliable data structure in memory. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code using a specially crafted .tar...

8.8CVSS7.6AI score0.76873EPSS

Exploits2References10Affected Software5

BDU FSTEC•added 2021/07/15 12:0 a.m.•1 views

The vulnerability of the Archive_Tar class in the PHP classes library of PEAR allows a attacker to overwrite protected files.

The vulnerability of the ArchiveTar class in the PHP classes library of PEAR is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability could allow an attacker to overwrite protected files by using a specially crafted...

8.8CVSS7.5AI score0.93364EPSS

Exploits4References12Affected Software5

OSV•added 2020/12/01 12:38 p.m.•1 views

USN-4654-1 php-pear vulnerabilities

It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code...

7.8CVSS7.5AI score0.93364EPSS

Exploits5References3

OpenVAS•added 2019/05/07 12:0 a.m.•64 views

Fedora Update for php-pear-CAS FEDORA-2018-6d62140b89

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score

Exploits0References2

Fedora•added 2018/11/09 5:56 a.m.•15 views

[SECURITY] Fedora 27 Update: php-pear-CAS-1.3.6-1.fc27

This package is a PEAR library for using a Central Authentication Service. Autoloader '%pearphpdir/CAS/Autoload.php';...

3.2AI score

Exploits0

Fedora•added 2017/04/22 9:23 a.m.•8 views

[SECURITY] Fedora 25 Update: php-pear-CAS-1.3.5-1.fc25

This package is a PEAR library for using a Central Authentication Service. Autoloader '%pearphpdir/CAS/Autoload.php';...

3.2AI score

Exploits0

Fedora•added 2017/04/21 2:30 p.m.•12 views

[SECURITY] Fedora 26 Update: php-pear-CAS-1.3.5-1.fc26

This package is a PEAR library for using a Central Authentication Service. Autoloader '%pearphpdir/CAS/Autoload.php';...

3.2AI score

Exploits0

OSV•added 2014/09/27 10:55 a.m.•0 views

UBUNTU-CVE-2014-5459

The PEARREST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a 1 rest.cachefile or 2 rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions...

3.6CVSS7.4AI score0.00077EPSS

Exploits1References2

Fedora•added 2013/01/12 1:11 a.m.•18 views

[SECURITY] Fedora 18 Update: php-pear-CAS-1.3.2-1.fc18