Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pear vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-0931
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions prior to 1.3.2, allows remote malicious users to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
Pear Pear Archive Tar
NA
CVE-2015-10028
A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of...
Pear Programming Project Pear Programming
5
CVSSv2
CVE-2006-0932
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote malicious users to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
Pear Pear Archive Zip 1.1
6.8
CVSSv2
CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote malicious users to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerab...
Pear Mail 1.1.14
Pear Mail 1.2.0b2
5
CVSSv2
CVE-2022-24953
The Crypt_GPG extension prior to 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
Pear Crypt Gpg
5
CVSSv2
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Php Pear 1.10.1
1 EDB exploit
NA
CVE-2023-30417
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.
Pearadmin Pear Admin Boot
3.5
CVSSv2
CVE-2022-23903
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.
Pearadmin Pear Admin Think
10
CVSSv2
CVE-2005-4730
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.
Pear Text Password 1.0
4.3
CVSSv2
CVE-2007-5934
The LOB functionality in PEAR MDB2 prior to 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote malicious users to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a fo...
Pear Structures Datagrid Datasource Mdb2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »