Download
| Alert*
oval:org.secpod.oval:def:1700136
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header[#039;filename#039;]` as parameter . When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar ... oval:org.secpod.oval:def:53500 Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. oval:org.secpod.oval:def:704439 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:51193 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:603617 Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. |