Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php pear vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2011-1072
The installer in PEAR prior to 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Php Pear 0.11
Php Pear 1.0
Php Pear 1.2
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear 1.4.0
Php Pear 0.90
Php Pear 0.10
Php Pear 1.2.1
Php Pear 1.1
Php Pear 1.3
Php Pear 1.4.2
Php Pear 0.2.2
Php Pear 0.9
Php Pear 1.0.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear
Php Pear 1.6.1
Php Pear 1.3.4
Php Pear 1.3.3.1
3.3
CVSSv2
CVE-2011-1144
The installer in PEAR 1.9.2 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists be...
Php Pear 1.0
Php Pear 1.0.1
Php Pear 1.2
Php Pear 1.3.4
Php Pear 1.3.3.1
Php Pear 1.3
Php Pear 1.4.0
Php Pear 1.9.1
Php Pear 1.6.1
Php Pear 1.5.1
Php Pear 1.3.6
Php Pear 1.3.5
Php Pear
Php Pear 0.2.2
Php Pear 0.9
Php Pear 0.90
Php Pear 1.2.1
Php Pear 1.3.3
Php Pear 1.3.1
Php Pear 1.4.1
Php Pear 1.5.0
Php Pear 0.10
5.1
CVSSv2
CVE-2005-4154
Unspecified vulnerability in PEAR installer 1.4.2 and previous versions allows user-assisted malicious users to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
Php Pear 0.9
Php Pear 0.90
Php Pear 1.2.1
Php Pear 1.2
Php Pear 1.3.3
Php Pear 1.3.3.1
Php Pear 1.3
Php Pear 1.4.0
Php Pear 1.4.1
Php Pear
Php Pear 0.10
Php Pear 0.11
Php Pear 1.1
Php Pear 1.3.1
Php Pear 1.0
Php Pear 1.0.1
Php Pear 1.3.4
Php Pear 1.3.5
Php Pear 1.3.6
6.8
CVSSv2
CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 up to and including 1.5.3 allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attri...
Php Group Pear 1.2b2
Php Group Pear 1.2b3
Php Group Pear 1.3.5
Php Group Pear 1.1
Php Group Pear 1.2
Php Group Pear 1.3
Php Group Pear 1.3.1
Php Group Pear 1.3.3
Php Group Pear 1.3b3
Php Group Pear 1.3b5
Php Group Pear 1.4.0a2
Php Group Pear 1.4.0a3
Php Group Pear 1.0
Php Group Pear 1.0.1
Php Group Pear 1.2b4
Php Group Pear 1.2b5
Php Group Pear 1.3b1
Php Group Pear 1.3b2
Php Group Pear 1.4.0a11
Php Group Pear 1.4.0a12
Php Group Pear 1.4.0a8
Php Group Pear 1.4.0a9
1 EDB exploit
5
CVSSv2
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Php Pear 1.10.1
1 EDB exploit
10
CVSSv2
CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package prior to 2.4.5 for PEAR allows remote malicious users to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.
Pear Pear 2.1
Pear Pear 1.0.1
Pear Pear
Pear Pear 2.4.3
Pear Pear 2.4.2
Pear Pear 1.0
Pear Pear 0.1
Pear Pear 2.4.1
Pear Pear 2.4
Pear Pear 2.3
Pear Pear 2.2
7.5
CVSSv2
CVE-2006-0144
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote malicious users to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify functi...
Apache2triad Apache2triad
Php Pear 0.2.2
7.5
CVSSv2
CVE-2006-0868
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth prior to 1.2.4, and 1.3.x prior to 1.3.0r4, allow remote malicious users to "falsify authentication credentials," related to the "underlying storage containers.&qu...
Pear Xml Rpc 1.0.2
Pear Xml Rpc 1.0.3
Pear Xml Rpc 1.2.0rc5
Pear Xml Rpc 1.2.0rc6
Pear Xml Rpc 1.0.4
Pear Xml Rpc 1.1.0
Pear Xml Rpc 1.2.0
Pear Xml Rpc 1.2.0rc7
Pear Xml Rpc 1.2.1
Pear Xml Rpc 1.2.0rc3
Pear Xml Rpc 1.2.0rc4
Pear Xml Rpc 1.3.0rc2
Pear Xml Rpc 1.3.0rc3
Pear Xml Rpc 1.2.0rc1
Pear Xml Rpc 1.2.0rc2
Pear Xml Rpc 1.2.2
Pear Xml Rpc 1.3.0rc1
5
CVSSv2
CVE-2005-4731
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote malicious users to obtain the SID via an HTTP Referer field and possibly other vectors.
The Php Group Pear Html Quickform Controller 1.0.4
6.4
CVSSv2
CVE-2006-0869
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and previous versions allows remote malicious users to determine file existence, and possibly delete arbitrary files with sh...
Pear Pear Liveuser 0.10.0
Pear Pear Liveuser 0.13.3
Pear Pear Liveuser 0.14.0
Pear Pear Liveuser 0.15.0
Pear Pear Liveuser 0.16.5
Pear Pear Liveuser 0.16.6
Pear Pear Liveuser 0.6.1
Pear Pear Liveuser 0.7
Pear Pear Liveuser 0.11.0
Pear Pear Liveuser 0.11.1
Pear Pear Liveuser 0.15.1
Pear Pear Liveuser 0.16.0
Pear Pear Liveuser 0.16.7
Pear Pear Liveuser 0.16.8
Pear Pear Liveuser 0.8
Pear Pear Liveuser 0.8.1
Pear Pear Liveuser 0.13.1
Pear Pear Liveuser 0.13.2
Pear Pear Liveuser 0.16.3
Pear Pear Liveuser 0.16.4
Pear Pear Liveuser 0.5.1
Pear Pear Liveuser 0.6
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »