
CVE-2015-10028 – ss15-this-is-sparta Main Page roomElement.js cross site scripting
https://notcve.org/view.php?id=CVE-2015-10028
07 Jan 2023 — A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. • https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-24953
https://notcve.org/view.php?id=CVE-2022-24953
17 Feb 2022 — The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. • https://github.com/pear/Crypt_GPG/commit/29c0fbe96d0d4063ecd5c9a4644cb65a7fb7cc4e • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2017-5677
https://notcve.org/view.php?id=CVE-2017-5677
06 Feb 2017 — PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. • http://blog.pear.php.net/2017/02/02/security-html_ajax-058

CVE-2009-4111 – Gentoo Linux Security Advisory 201412-09
https://notcve.org/view.php?id=CVE-2009-4111
28 Nov 2009 — Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-4023 – Gentoo Linux Security Advisory 201412-09
https://notcve.org/view.php?id=CVE-2009-4023
28 Nov 2009 — Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-4024
https://notcve.org/view.php?id=CVE-2009-4024
28 Nov 2009 — Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. • http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-4025
https://notcve.org/view.php?id=CVE-2009-4025
28 Nov 2009 — Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. • http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2007-5934
https://notcve.org/view.php?id=CVE-2007-5934
13 Nov 2007 — The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. • http://bugs.gentoo.org/show_bug.cgi?id=198446 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-3628
https://notcve.org/view.php?id=CVE-2007-3628
09 Jul 2007 — Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." • http://osvdb.org/45805

CVE-2006-0931
https://notcve.org/view.php?id=CVE-2006-0931
28 Feb 2006 — Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. • http://pear.php.net/bugs/bug.php?id=6933 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')