5 matches found
CVE-2011-1072
The connected Nessus/NASL entries confirm CVE-2011-1072 affects the PEAR installer prior to 1.9.2, enabling local users to overwrite arbitrary files via a symlink attack on package.xml, related to the download_dir, cache_dir, tmp_dir, and pear-build-download directories. The MiracleLinux advisory references...
CVE-2017-5630
CVE-2017-5630 affects PEAR Base System v1.10.1; PECL in the Installer’s download utility does not validate file types/filenames after redirects, allowing remote HTTP servers to overwrite files via crafted responses (e.g., .htaccess). Documented impact is file overwrite; no patch/remediation detai...
CVE-2011-1144
CVE-2011-1144 concerns the PEAR installer prior to 1.9.2. The vulnerability allows local users to overwrite arbitrary files via a symlink attack on package.xml, related to the download_dir, cache_dir, tmp_dir, and pear-build-download directories. The issue exists because of an incomplete fix for ...
CVE-2006-0144
CVE-2006-0144 affects PHP PEAR 0.2.2 (used in Apache2Triad). The proxy server feature in go-pear.php can be redirected to a malicious proxy server that serves a modified Tar.php containing a malicious extractModify function, enabling remote attackers to execute arbitrary PHP code. The description...
CVE-2005-4154
CVE-2005-4154 affects PEAR installer 1.4.2 and earlier. The vulnerability is described as unspecified and allows user-assisted attackers to execute arbitrary code via a crafted package that can run code when the pear command is executed or when the Web/Gtk frontend is loaded. Connected sources co...