Download
| Alert*
oval:org.secpod.oval:def:70372
php-pear: PHP Extension and Application Repository PEAR could be made to overwrite files as the administrator. oval:org.secpod.oval:def:507251 The php-pear package contains the PHP Extension and Application Repository , a framework and distribution system for reusable PHP components. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization ... oval:org.secpod.oval:def:71570 It was discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links. oval:org.secpod.oval:def:507157 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization leads to file overwrites * Archive_Tar: directory trav ... oval:org.secpod.oval:def:120751 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:1601417 Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links oval:org.secpod.oval:def:119336 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. oval:org.secpod.oval:def:1506132 [1:1.9.4-23] - update Archive_Tar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949 oval:org.secpod.oval:def:119350 PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. oval:org.secpod.oval:def:1506008 php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14 oval:org.secpod.oval:def:4501085 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked * Archive_Tar: improper filename sanitization leads to file overwrites * Archive_Tar: directory trav ... oval:org.secpod.oval:def:2500809 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:705885 php-pear: PHP Extension and Application Repository PEAR could be made to overwrite files as the administrator. oval:org.secpod.oval:def:1700559 Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links oval:org.secpod.oval:def:605496 It was discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links. |