Alert

oval:org.secpod.oval:def:70291
php-pear: PHP Extension and Application Repository PEAR could be made to run programs as an administrator.

oval:org.secpod.oval:def:507251
The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization ...

oval:org.secpod.oval:def:507157
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization leads to file overwrites * Archive_Tar: directory trav ...

oval:org.secpod.oval:def:120751
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:1506008
php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14

oval:org.secpod.oval:def:1506132
[1:1.9.4-23] - update Archive_Tar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949

oval:org.secpod.oval:def:1601395
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack can still succeed

oval:org.secpod.oval:def:119130
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.

oval:org.secpod.oval:def:119127
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components.

oval:org.secpod.oval:def:4501085
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization leads to file overwrites * Archive_Tar: directory trav ...

oval:org.secpod.oval:def:2106621
Oracle Solaris 11 - (CVE-2020-28948)

oval:org.secpod.oval:def:2500809
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

oval:org.secpod.oval:def:1700533
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack can still succeed

oval:org.secpod.oval:def:69837
Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.

oval:org.secpod.oval:def:605359
Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.

oval:org.secpod.oval:def:705789
php-pear: PHP Extension and Application Repository PEAR could be made to run programs as an administrator.