CVSS: 6.8EPSS: 5%CPEs: 59EXPL: 2CVE-2007-2519 – PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instación (install) en package.xml 2.0. • https://www.exploit-db.com/exploits/30074 http://osvdb.org/42108 http://pear.php.net/advisory-20070507.txt http://pear.php.net/news/vulnerability2.php http://secunia.com/advisories/25372 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://www.securityfocus.com/bid/24111 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2006-3018
https://notcve.org/view.php?id=CVE-2006-3018
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. Vulnerabilidad no especificada en la funcionalidad de extensión de sesión en PHP anterior a la versión 5.1.3 tiene un impacto y vectores de ataque desconocidos, relacionados con una corrupción de memoria dinámica. • http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/21125 http://securitytracker.com/id?1016306 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.osvdb.org/25254 http://www.php.net/release_5_1_3.php http://www.securityfocus.com/bid/17843 http://www.ubuntu.com/usn/usn-320-1 •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3016
https://notcve.org/view.php?id=CVE-2006-3016
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://rhn.redhat.com/errata/RHSA-2006-0736.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21050 http://secunia.com/advisories/22004 http://secunia.com/advisories/22069 http://secunia.com/advisories/22225 http://secunia.com/advisories/22440 http://secunia.com/advisories/22487 http://secunia.com/advisories/23247 http://securitytracker.com/id?1016306 http://support.avaya.com/el •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4731
https://notcve.org/view.php?id=CVE-2005-4731
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. • http://pear.php.net/bugs/bug.php?id=3443 http://pear.php.net/package/HTML_QuickForm_Controller/download http://www.osvdb.org/23766 •