Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: php-pear (UTSA-2025-003055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-003055 advisory. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

TencentOS Server 2: php-pear (TSSA-2022:0284)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0284 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

SUSE CVE-2009-4025

Argument injection vulnerability in the traceroute function in Traceroute.php in the NetTraceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information...

Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2021-1345)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Someone Hacked PHP PEAR Site and Replaced the Official Package Manager

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR pear-php.net after they found that someone has replac...

HTTP_Upload 1.0.0.b3 Arbitrary File Upload

Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product: ==================== HTTPUpload v1.0.0b3 Download:...

Security Release: symfony 1.3.6 and 1.4.6

New releases for symfony 1.3 and 1.4 have been packaged sooner than expected to address a security vulnerability reported yesterday. It is strongly recommended that all applications running symfony 1.3 and 1.4 upgrade to this latest release immediately. The Security Fix One of the enhancements...

symfony 1.3.5 and 1.4.5

The symfony core team is happy to announce the immediate availability of symfony versions 1.3.5 and 1.4.5. Read on for the details. Security Fix A vulnerability was discovered in Doctrine and Propel form classes that allowed a user to update a record other than the one presented in the form. The...

Design/Logic Flaw

Argument injection vulnerability in the traceroute function in Traceroute.php in the NetTraceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information...

New PEAR / Apache2Triad Exploit

File: go-pear.php Affects: v0.2.2 May affect other versions Date: 6th January 2006 Issue Description: ==================================== A vulnerability exists within version 0.2.2 of go-pear.php, part of PHP's PEAR Package. The problem lies in the scripts capacity to utilize a proxy server. An...