9 matches found

OSV
added 2024/03/06 10:56 a.m., 26 views

BIT-DRUPAL-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVSS 7.8, AI score 7.8, EPSS 0.93364
Exploits: 5, References: 14

Tenable Nessus
added 2022/11/17 12:0 a.m., 24 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6542)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...

CVSS 7.8, AI score 7.6, EPSS 0.93364
Exploits: 5, References: 7

RedhatCVE
added 2020/12/23 1:31 p.m., 40 views

CVE-2020-28949

A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

CVSS 7.8, AI score 3.2, EPSS 0.93364
Exploits: 4, References: 3

NVD
added 2020/11/19 7:15 p.m., 21 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVSS 7.8, AI score 7.6, EPSS 0.93364
Exploits: 4, References: 13

Prion
added 2020/11/19 7:15 p.m., 30 views

Code injection

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVSS 6.8, AI score 7.6, EPSS 0.93364
Exploits: 4, References: 12, Affected Software: 4

Debian CVE
added 2020/11/19 6:14 p.m., 29 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVSS 7.8, AI score 7.9, EPSS 0.93364
Exploits: 4

AlpineLinux
added 2020/11/19 6:14 p.m., 51 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVSS 7.8, AI score 8, EPSS 0.93364
Exploits: 4

CVE
added 2020/11/19 6:14 p.m., 947 views

CVE-2020-28949

CVE-2020-28949 affects PEAR Archive_Tar (v1.4.10 and earlier). The issue is that Archive_Tar’s filename sanitization only addressed phar attacks; other stream-wrapper attacks (e.g., file://) can overwrite files, enabling potential arbitrary file writes. Affected ecosystem includes PHP-pear compon...

CVSS 7.8, AI score 7.7, EPSS 0.93364
In wild, Exploits: 4, References: 13, Affected Software: 1

ATTACKERKB
added 2020/11/19 12:0 a.m., 36 views

CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...

CVSS 7.8, AI score 7.7, EPSS 0.93364
In wild, Exploits: 5, References: 19