Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php archive tar vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5
CVSSv2
CVE-2020-36193
Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Php Archive Tar
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
6.8
CVSSv2
CVE-2020-28948
Archive_Tar up to and including 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Php Archive Tar
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
3 Github repositories
6.8
CVSSv2
CVE-2020-28949
Archive_Tar up to and including 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Php Archive Tar
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
3 Github repositories
4.3
CVSSv2
CVE-2015-2326
The pcre_compile2 function in PCRE prior to 8.37 allows context-dependent malicious users to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back re...
Pcre Pcre
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mariadb Mariadb
Php Php
6.8
CVSSv2
CVE-2015-2325
The compile_branch function in PCRE prior to 8.37 allows context-dependent malicious users to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forwar...
Pcre Pcre
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mariadb Mariadb
Php Php
6.8
CVSSv2
CVE-2018-1000888
PEAR Archive_Tar version 1.4.3 and previous versions contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called witho...
Php Pear Archive Tar
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
1 Article
7.5
CVSSv2
CVE-2016-5093
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP prior to 5.5.36, 5.6.x prior to 5.6.22, and 7.x prior to 7.0.7 does not ensure the presence of a '\0' character, which allows remote malicious users to cause a denial of service (out-of-bound...
Php Php 5.6.2
Php Php 5.6.19
Php Php 7.0.6
Php Php 5.6.18
Php Php 5.6.6
Php Php 5.6.7
Php Php 5.6.0
Php Php 5.6.1
Php Php 7.0.0
Php Php 7.0.1
Php Php 5.6.17
Php Php 5.6.16
Php Php 5.6.15
Php Php 5.6.8
Php Php 5.6.9
Php Php
Php Php 7.0.2
Php Php 7.0.3
Php Php 5.6.14
Php Php 5.6.3
Php Php 5.6.13
Php Php 5.6.12
7.5
CVSSv2
CVE-2016-5095
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP prior to 5.5.36 and 5.6.x prior to 5.6.22 allows remote malicious users to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FIL...
Php Php 5.6.0
Php Php 5.6.1
Php Php 5.6.16
Php Php 5.6.17
Php Php 5.6.4
Php Php 5.6.5
Php Php 5.6.10
Php Php 5.6.11
Php Php 5.6.18
Php Php 5.6.19
Php Php 5.6.6
Php Php 5.6.7
Php Php 5.6.8
Php Php 5.6.14
Php Php 5.6.15
Php Php 5.6.21
Php Php 5.6.3
Php Php 5.6.12
Php Php 5.6.13
Php Php 5.6.2
Php Php 5.6.20
Php Php 5.6.9
7.5
CVSSv2
CVE-2015-3307
The phar_parse_metadata function in ext/phar/phar.c in PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8 allows remote malicious users to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Apple Mac Os X
Php Php 5.5.0
Php Php 5.5.1
Php Php 5.5.19
Php Php 5.5.2
Php Php 5.5.20
Php Php 5.5.6
Php Php 5.5.7
Php Php 5.6.0
Php Php 5.6.6
Php Php 5.6.7
Php Php 5.5.9
Php Php 5.5.14
Php Php 5.5.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »