CVE-2007-2519 – PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instación (install) en package.xml 2.0. • https://www.exploit-db.com/exploits/30074 http://osvdb.org/42108 http://pear.php.net/advisory-20070507.txt http://pear.php.net/news/vulnerability2.php http://secunia.com/advisories/25372 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://www.securityfocus.com/bid/24111 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 •
CVE-2006-0144
https://notcve.org/view.php?id=CVE-2006-0144
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. • http://apache2triad.net/forums/viewtopic.php?p=14670 http://secunia.com/advisories/18390 http://www.securityfocus.com/archive/1/421469/100/0/threaded http://www.securityfocus.com/bid/16174 http://www.vupen.com/english/advisories/2006/0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/24076 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-4154
https://notcve.org/view.php?id=CVE-2005-4154
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded. Vulnerabilidad no especificad en el PEAR installer 1.4.2 y anteriores permite a atacantes con la implicación de los usuarios ejecutar código de su elección mediante un paquete artesanal que puede ejecutar cóidog cuando el comando 'pear' es ejecutado cuando el frontal Web/Gtk es cargado. • http://pear.php.net/advisory-20051104.txt http://secunia.com/advisories/17563 http://securitytracker.com/alerts/2005/Nov/1015161.html http://www.vupen.com/english/advisories/2005/2444 https://exchange.xforce.ibmcloud.com/vulnerabilities/23021 •