CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2006-0152

Malware in sbrugna...

7.5CVSS6.4AI score0.01827EPSS

Exploits0References7

Tenable Nessus•added 2024/10/09 12:0 a.m.•22 views

CentOS 7 : php-pear (RHSA-2022:7340)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 - ArchiveTar through...

7.8CVSS7.6AI score0.84554EPSS

Exploits5References4

RedHat Linux•added 2022/11/02 4:38 p.m.•7 views

Archive_Tar: directory traversal due to inadequate checking of symbolic links

A flaw was found in the ArchiveTar package. ArchiveTar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences /../ to modify...

7.5CVSS5.9AI score0.70595EPSS

Exploits0References5

RedHat Linux•added 2022/09/15 8:54 a.m.•5 views

Archive_Tar: directory traversal due to inadequate checking of symbolic links

7.5CVSS5.9AI score0.70595EPSS

Exploits0References5

Packet Storm•added 2022/03/30 12:0 a.m.•259 views

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal

------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i metadata$i'type'; 118. 119. if $type == 'file' || $type == 'unix file' 120. 121. $buffer = $this-metadata$i'data'; 122. $path = Path::clean$destination . '/'...

0.1AI score0.02007EPSS

Exploits3

0day.today•added 2022/03/30 12:0 a.m.•255 views

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal Vulnerabilities

Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives. ------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i...

7.5CVSS0.6AI score0.02007EPSS

Exploits3

BDU FSTEC•added 2021/11/02 12:0 a.m.•2 views

The vulnerability of the Tar.php file in the Archive_Tar package of the PHP PEAR library arises from an improper restriction on the path name of the directory. This allows a attacker to compromise data integrity.

The vulnerability of the Tar.php file in the ArchiveTar package from the PHP PEAR library is related to improper handling of symbolic links. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

7.5CVSS7.5AI score0.70595EPSS

Exploits0References15Affected Software6

Tenable Nessus•added 2021/09/16 12:0 a.m.•40 views

Amazon Linux 2 : php-pear (ALAS-2021-1708)

The version of php-pear installed on the remote host is prior to 1.10.12-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1708 advisory. In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than...

7.5CVSS7.8AI score0.73377EPSS

Exploits0References3

Tenable Nessus•added 2021/09/04 12:0 a.m.•38 views

SUSE SLED12: apache2-mod_php72 / php72 / php72-bcmath / php72-bz2 / etc (SUSE-SU-2021:2926-1)

The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2926-1 advisory. - CVE-2020-36193: Fixed ArchiveTar directory traversal due to inadequate checking of symbolic links bsc1189591. Tenable has extracted the...

7.5CVSS7.4AI score0.70595EPSS

Exploits0References4