47 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-0782

Malware in sbrugna...

CVSS 8, AI score 8.1, EPSS 0.02275
Exploits 0, References 7

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-3679

Malicious code in bioql PyPI...

CVSS 5, AI score 6.6, EPSS 0.0236
Exploits 0, References 11

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with...

CVSS 8.8, AI score 8.7, EPSS 0.18286
Exploits 5, References 2

Github Security Blog
added 2024/05/15 9:2 p.m., 26 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948, CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 7.8, EPSS 0.84554
Exploits 5, References 3, Affected Software 1

Github Security Blog
added 2024/05/15 8:50 p.m., 28 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948, CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 7.8, EPSS 0.84554
Exploits 5, References 3, Affected Software 1

Github Security Blog
added 2023/07/07 1:42 p.m., 37 views

Archive_Tar contains Potential RCE if filename starts with phar://

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter such as file_exists, is_file, is_dir, etc. When extract is called without a specific prefix path, we can trigger...

CVSS 8.8, AI score 8.6, EPSS 0.18286
Exploits 5, References 12, Affected Software 1

Check Point Advisories
added 2022/10/18 12:0 a.m., 3 views

PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)

An insecure deserialization vulnerability exists in the PEAR Archive_Tar module. The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending malicious TAR files to the applications which are using PEAR Archive_Tar modul...

CVSS 6.8, AI score 3.8, EPSS 0.47493
Exploits 2

CISA KEV Catalog
added 2022/08/25 12:0 a.m., 20 views

PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drup...

CVSS 7.8, AI score 2.5, EPSS 0.84554
In wild, Exploits 4

Rapid7 Blog
added 2021/01/29 9:9 p.m., 936 views

Metasploit Wrap-Up

MobileIron MDM Hessian-Based Java Deserialization RCE: Our very own wvu-r7 has added exploits/linux/http/mobileiron_mdm_hessian_rce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. CVE-2020-15505...

CVSS 10, AI score 1.1, EPSS 0.99737
Exploits 39

Tenable Nessus
added 2021/01/26 12:0 a.m., 40 views

GLSA-202101-23 : PEAR Archive_Tar: Directory traversal

The remote host is affected by the vulnerability described in GLSA-202101-23 (PEAR Archive_Tar: Directory traversal). Multiple vulnerabilities have been discovered in PEAR Archive_Tar. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers...

CVSS 7.8, AI score 7.6, EPSS 0.84554
Exploits 5, References 4

Gentoo Linux
added 2021/01/26 12:0 a.m., 86 views

PEAR Archive_Tar: Directory traversal

Background: This class provides handling of tar files in PHP. Description: Multiple vulnerabilities have been discovered in PEAR Archive_Tar. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...

CVSS 7.8, AI score 1.7, EPSS 0.84554
Exploits 5

Tenable Nessus
added 2021/01/22 12:0 a.m., 22 views

Drupal 9.0.x < 9.0.11 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.78, 8.9.x prior to 8.9.13, 9.0.x prior to 9.0.11 or 9.1.x prior to 9.1.3. It is, therefore, affected by a directory traversal due to the PEAR Archive_Tar library used by Drupal. The...

CVSS 7.5, AI score 8.2, EPSS 0.70595
Exploits 0, References 3

Tenable Nessus
added 2021/01/22 12:0 a.m., 14 views

Drupal 7.x < 7.78 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.78, 8.9.x prior to 8.9.13, 9.0.x prior to 9.0.11 or 9.1.x prior to 9.1.3. It is, therefore, affected by a directory traversal due to the PEAR Archive_Tar library used by Drupal. The...

CVSS 7.5, AI score 8.2, EPSS 0.70595
Exploits 0, References 3

Tenable Nessus
added 2021/01/22 12:0 a.m., 16 views

Drupal 8.9.x < 8.9.13 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.78, 8.9.x prior to 8.9.13, 9.0.x prior to 9.0.11 or 9.1.x prior to 9.1.3. It is, therefore, affected by a directory traversal due to the PEAR Archive_Tar library used by Drupal. The...

CVSS 7.5, AI score 8.2, EPSS 0.70595
Exploits 0, References 3

RedhatCVE
added 2020/12/23 1:31 p.m., 43 views

CVE-2020-28949

A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

CVSS 7.8, AI score 3.2, EPSS 0.84554
Exploits 4, References 3

Tenable Nessus
added 2020/12/21 12:0 a.m., 31 views

Debian DSA-4817-1 : php-pear - security update

Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS 7.8, AI score 8.1, EPSS 0.84554
Exploits 5, References 6

Debian
added 2020/12/19 9:59 a.m., 98 views

[SECURITY] [DSA 4817-1] php-pear security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4817-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2020 https://www.debian.org/security/faq -...

CVSS 7.8, AI score 8.9, EPSS 0.84554
Exploits 5

OpenVAS
added 2020/11/30 12:0 a.m., 23 views

Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-013) - Linux

Drupal is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

CVSS 7.8, AI score 8.2, EPSS 0.84554
Exploits 5, References 3

Drupal
added 2020/11/25 12:0 a.m., 175 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948, CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 1.5, EPSS 0.84554
Exploits 5, References 15

Veracode
added 2020/11/20 3:5 a.m., 38 views

PHAR Unserialization

pear/archive_tar is vulnerable to PHAR unserialization. The vulnerability exists due to the improper validation of filename that allows a filename that starts with PHAR:// to be executed...

CVSS 7.8, AI score 4, EPSS 0.84554
Exploits 4, References 19, Affected Software 6