Published: 11/12/2005 Updated: 23/01/2020

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Unspecified vulnerability in PEAR installer 1.4.2 and previous versions allows user-assisted malicious users to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php pear 0.9
php pear 0.90
php pear 1.2.1
php pear 1.2
php pear 1.3.3
php pear 1.3.3.1
php pear 1.3
php pear 1.4.0
php pear 1.4.1
php pear
php pear 0.10
php pear 0.11
php pear 1.1
php pear 1.3.1
php pear 1.0
php pear 1.0.1
php pear 1.3.4
php pear 1.3.5
php pear 1.3.6

Debian Bug report logs - #336654 PHP 505 contains unfixed security bugs Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 20:48:02 UTC Severity ...

Debian Bug report logs - #341368 CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inuti ...

NVD-CWE-noinfo http://pear.php.net/advisory-20051104.txt http://securitytracker.com/alerts/2005/Nov/1015161.html http://secunia.com/advisories/17563/http://www.vupen.com/english/advisories/2005/2444 https://exchange.xforce.ibmcloud.com/vulnerabilities/23021 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336654

CVE-2005-4154

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect