
    10 vulnerabilities found for pear by php

    CVE-2017-5630 (GCVE-0-2017-5630)

    Vulnerability from nvd – Published: 2017-02-01 23:00 – Updated: 2024-08-05 15:04
    VLAI
    Summary
    PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/41185/ exploit, x_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/95882 vdb-entry, x_refsource_BID
    http://pear.php.net/bugs/bug.php?id=21171 x_refsource_MISC
    Date Public
    2017-02-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:04:15.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41185",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41185/"
              },
              {
                "name": "95882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95882"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=21171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-01T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "41185",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41185/"
            },
            {
              "name": "95882",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95882"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=21171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-5630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41185",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41185/"
                },
                {
                  "name": "95882",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95882"
                },
                {
                  "name": "http://pear.php.net/bugs/bug.php?id=21171",
                  "refsource": "MISC",
                  "url": "http://pear.php.net/bugs/bug.php?id=21171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-5630",
        "datePublished": "2017-02-01T23:00:00.000Z",
        "dateReserved": "2017-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:04:15.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1144 (GCVE-0-2011-1144)

    Vulnerability from nvd – Published: 2011-03-03 00:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=18056"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
              },
              {
                "name": "pear-package-symlink(65911)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=18056"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
            },
            {
              "name": "pear-package-symlink(65911)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
                },
                {
                  "name": "http://pear.php.net/bugs/bug.php?id=18056",
                  "refsource": "MISC",
                  "url": "http://pear.php.net/bugs/bug.php?id=18056"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
                },
                {
                  "name": "pear-package-symlink(65911)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1144",
        "datePublished": "2011-03-03T00:00:00.000Z",
        "dateReserved": "2011-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1072 (GCVE-0-2011-1072)

    Vulnerability from nvd – Published: 2011-03-03 00:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164"
              },
              {
                "name": "43533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43533"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
              },
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://news.php.net/php.pear.cvs/61264"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security-tracker.debian.org/tracker/CVE-2011-1072"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
              },
              {
                "name": "RHSA-2011:1741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1741.html"
              },
              {
                "name": "MDVSA-2011:187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:187"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=18056"
              },
              {
                "name": "[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/3"
              },
              {
                "name": "pear-pear-installer-symlink(65721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65721"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.php.net/viewvc?view=revision\u0026revision=308687"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/advisory-20110228.txt"
              },
              {
                "name": "46605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46605"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164"
            },
            {
              "name": "43533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43533"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
            },
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://news.php.net/php.pear.cvs/61264"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security-tracker.debian.org/tracker/CVE-2011-1072"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
            },
            {
              "name": "RHSA-2011:1741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1741.html"
            },
            {
              "name": "MDVSA-2011:187",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:187"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=18056"
            },
            {
              "name": "[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/3"
            },
            {
              "name": "pear-pear-installer-symlink(65721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65721"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=308687"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/advisory-20110228.txt"
            },
            {
              "name": "46605",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46605"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1072",
        "datePublished": "2011-03-03T00:00:00.000Z",
        "dateReserved": "2011-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0144 (GCVE-0-2006-0144)

    Vulnerability from nvd – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
    Summary
    The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-01-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:33.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-0148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0148"
              },
              {
                "name": "16174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
              },
              {
                "name": "18390",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18390"
              },
              {
                "name": "gopear-proxy-redirection(24076)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
              },
              {
                "name": "20060109 New PEAR / Apache2Triad Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-0148",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0148"
            },
            {
              "name": "16174",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
            },
            {
              "name": "18390",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18390"
            },
            {
              "name": "gopear-proxy-redirection(24076)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
            },
            {
              "name": "20060109 New PEAR / Apache2Triad Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-0148",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0148"
                },
                {
                  "name": "16174",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16174"
                },
                {
                  "name": "http://apache2triad.net/forums/viewtopic.php?p=14670",
                  "refsource": "CONFIRM",
                  "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
                },
                {
                  "name": "18390",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18390"
                },
                {
                  "name": "gopear-proxy-redirection(24076)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
                },
                {
                  "name": "20060109 New PEAR / Apache2Triad Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0144",
        "datePublished": "2006-01-09T23:00:00.000Z",
        "dateReserved": "2006-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:33.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4154 (GCVE-0-2005-4154)

    Vulnerability from nvd – Published: 2005-12-11 02:00 – Updated: 2024-08-07 23:38
    Summary
    Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL — Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/23021 — vdb-entry, x_refsource_XF
    http://secunia.com/advisories/17563/ — third-party-advisory, x_refsource_SECUNIA
    http://securitytracker.com/alerts/2005/Nov/1015161.html — vdb-entry, x_refsource_SECTRACK
    http://pear.php.net/advisory-20051104.txt — x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/2444 — vdb-entry, x_refsource_VUPEN
    Date Public
    2005-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:38:50.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pear-installer-code-execution(23021)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
              },
              {
                "name": "17563",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17563/"
              },
              {
                "name": "1015161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/advisory-20051104.txt"
              },
              {
                "name": "ADV-2005-2444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pear-installer-code-execution(23021)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
            },
            {
              "name": "17563",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17563/"
            },
            {
              "name": "1015161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/advisory-20051104.txt"
            },
            {
              "name": "ADV-2005-2444",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pear-installer-code-execution(23021)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
                },
                {
                  "name": "17563",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17563/"
                },
                {
                  "name": "1015161",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
                },
                {
                  "name": "http://pear.php.net/advisory-20051104.txt",
                  "refsource": "CONFIRM",
                  "url": "http://pear.php.net/advisory-20051104.txt"
                },
                {
                  "name": "ADV-2005-2444",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4154",
        "datePublished": "2005-12-11T02:00:00.000Z",
        "dateReserved": "2005-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:38:50.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5630 (GCVE-0-2017-5630)

    Vulnerability from cvelistv5 – Published: 2017-02-01 23:00 – Updated: 2024-08-05 15:04
    Summary
    PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL — Tags
    https://www.exploit-db.com/exploits/41185/ — exploit, x_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/95882 — vdb-entry, x_refsource_BID
    http://pear.php.net/bugs/bug.php?id=21171 — x_refsource_MISC
    Date Public
    2017-02-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:04:15.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41185",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41185/"
              },
              {
                "name": "95882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95882"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=21171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-01T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "41185",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41185/"
            },
            {
              "name": "95882",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95882"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=21171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-5630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41185",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41185/"
                },
                {
                  "name": "95882",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95882"
                },
                {
                  "name": "http://pear.php.net/bugs/bug.php?id=21171",
                  "refsource": "MISC",
                  "url": "http://pear.php.net/bugs/bug.php?id=21171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-5630",
        "datePublished": "2017-02-01T23:00:00.000Z",
        "dateReserved": "2017-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:04:15.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1144 (GCVE-0-2011-1144)

    Vulnerability from cvelistv5 – Published: 2011-03-03 00:00 – Updated: 2024-08-06 22:14
    Summary
    The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=18056"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
              },
              {
                "name": "pear-package-symlink(65911)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=18056"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
            },
            {
              "name": "pear-package-symlink(65911)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
                },
                {
                  "name": "http://pear.php.net/bugs/bug.php?id=18056",
                  "refsource": "MISC",
                  "url": "http://pear.php.net/bugs/bug.php?id=18056"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
                },
                {
                  "name": "pear-package-symlink(65911)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
                },
                {
                  "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1144",
        "datePublished": "2011-03-03T00:00:00.000Z",
        "dateReserved": "2011-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1072 (GCVE-0-2011-1072)

    Vulnerability from cvelistv5 – Published: 2011-03-03 00:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164"
              },
              {
                "name": "43533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43533"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
              },
              {
                "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://news.php.net/php.pear.cvs/61264"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security-tracker.debian.org/tracker/CVE-2011-1072"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
              },
              {
                "name": "RHSA-2011:1741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1741.html"
              },
              {
                "name": "MDVSA-2011:187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:187"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/bugs/bug.php?id=18056"
              },
              {
                "name": "[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/28/3"
              },
              {
                "name": "pear-pear-installer-symlink(65721)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65721"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.php.net/viewvc?view=revision\u0026revision=308687"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/advisory-20110228.txt"
              },
              {
                "name": "46605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46605"
              },
              {
                "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164"
            },
            {
              "name": "43533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43533"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/8"
            },
            {
              "name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://news.php.net/php.pear.cvs/61264"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security-tracker.debian.org/tracker/CVE-2011-1072"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/5"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/4"
            },
            {
              "name": "RHSA-2011:1741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1741.html"
            },
            {
              "name": "MDVSA-2011:187",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:187"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/bugs/bug.php?id=18056"
            },
            {
              "name": "[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/28/3"
            },
            {
              "name": "pear-pear-installer-symlink(65721)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65721"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.php.net/viewvc?view=revision\u0026revision=308687"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/advisory-20110228.txt"
            },
            {
              "name": "46605",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46605"
            },
            {
              "name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 \u003c= - Symlink Attack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/03/01/9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1072",
        "datePublished": "2011-03-03T00:00:00.000Z",
        "dateReserved": "2011-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0144 (GCVE-0-2006-0144)

    Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
    VLAI
    Summary
    The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-01-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:33.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-0148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0148"
              },
              {
                "name": "16174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
              },
              {
                "name": "18390",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18390"
              },
              {
                "name": "gopear-proxy-redirection(24076)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
              },
              {
                "name": "20060109 New PEAR / Apache2Triad Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-0148",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0148"
            },
            {
              "name": "16174",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
            },
            {
              "name": "18390",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18390"
            },
            {
              "name": "gopear-proxy-redirection(24076)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
            },
            {
              "name": "20060109 New PEAR / Apache2Triad Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-0148",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0148"
                },
                {
                  "name": "16174",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16174"
                },
                {
                  "name": "http://apache2triad.net/forums/viewtopic.php?p=14670",
                  "refsource": "CONFIRM",
                  "url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
                },
                {
                  "name": "18390",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18390"
                },
                {
                  "name": "gopear-proxy-redirection(24076)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
                },
                {
                  "name": "20060109 New PEAR / Apache2Triad Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0144",
        "datePublished": "2006-01-09T23:00:00.000Z",
        "dateReserved": "2006-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:33.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4154 (GCVE-0-2005-4154)

    Vulnerability from cvelistv5 – Published: 2005-12-11 02:00 – Updated: 2024-08-07 23:38
    VLAI
    Summary
    Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/23021 vdb-entry, x_refsource_XF
    http://secunia.com/advisories/17563/ third-party-advisory, x_refsource_SECUNIA
    http://securitytracker.com/alerts/2005/Nov/1015161.html vdb-entry, x_refsource_SECTRACK
    http://pear.php.net/advisory-20051104.txt x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/2444 vdb-entry, x_refsource_VUPEN
    Date Public
    2005-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:38:50.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pear-installer-code-execution(23021)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
              },
              {
                "name": "17563",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17563/"
              },
              {
                "name": "1015161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://pear.php.net/advisory-20051104.txt"
              },
              {
                "name": "ADV-2005-2444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pear-installer-code-execution(23021)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
            },
            {
              "name": "17563",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17563/"
            },
            {
              "name": "1015161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://pear.php.net/advisory-20051104.txt"
            },
            {
              "name": "ADV-2005-2444",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pear-installer-code-execution(23021)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23021"
                },
                {
                  "name": "17563",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17563/"
                },
                {
                  "name": "1015161",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/alerts/2005/Nov/1015161.html"
                },
                {
                  "name": "http://pear.php.net/advisory-20051104.txt",
                  "refsource": "CONFIRM",
                  "url": "http://pear.php.net/advisory-20051104.txt"
                },
                {
                  "name": "ADV-2005-2444",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4154",
        "datePublished": "2005-12-11T02:00:00.000Z",
        "dateReserved": "2005-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:38:50.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }