Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pear vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and previous versions allows remote malicious users to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
Phpwebsite Phpwebsite
7.5
CVSSv2
CVE-2021-29377
Pear Admin Think up to and including 2.1.2 has an arbitrary file upload vulnerability that allows malicious users to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
Pearadmin Pearadmin Think
6.8
CVSSv2
CVE-2007-2939
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote malicious users to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
Mazens Php Chat Mazens Php Chat 3.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2006-5893
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote malicious users to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
Iwonder Designs Storystream 0.4.0.0
1 EDB exploit
5
CVSSv2
CVE-2011-3809
TheHostingTool (THT) 1.2.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files.
Thehostingtool Thehostingtool 1.2.3
6
CVSSv2
CVE-2019-6338
In Drupal Core versions 7.x before 7.62, 8.6.x before 8.6.6 and 8.5.x before 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2007-3228
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and previous versions might allow remote malicious users to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access ...
Simian Systems Inc Sitellite Cms 4.2.12
1 EDB exploit
5
CVSSv2
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_Q...
Html Quickform Project Html Quickform 3.2.14
Civicrm Civicrm 5.3.0
Civicrm Civicrm
7.5
CVSSv2
CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and previous versions (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and previous versions, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6)...
Php Xml Rpc
Gggeek Phpxmlrpc
Drupal Drupal
Tiki Tikiwiki Cms\\/groupware
Debian Debian Linux 3.1
5 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »