Vulnerabilities > Pear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-17 | CVE-2022-24953 | Argument Injection or Modification vulnerability in Pear Crypt GPG The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. | 5.3 |
| 2017-02-06 | CVE-2017-5677 | PHP Object Injection vulnerability in PEAR HTML_AJAX PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. | 7.5 |
| 2009-11-29 | CVE-2009-4111 | Code Injection vulnerability in Pear Mail 1.1.14/1.2.0B2 Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. | 6.8 |
| 2009-11-29 | CVE-2009-4025 | OS Command Injection vulnerability in Pear 0.11/0.20/0.21 Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. | 10.0 |
| 2009-11-29 | CVE-2009-4024 | Code Injection vulnerability in Pear Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. | 10.0 |
| 2009-11-29 | CVE-2009-4023 | Code Injection vulnerability in Pear 1.1.14 Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. | 7.5 |
| 2007-11-13 | CVE-2007-5934 | Information Exposure vulnerability in Pear Structures Datagrid Datasource Mdb2 The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | 4.3 |
| 2007-07-09 | CVE-2007-3628 | Remote Security vulnerability in Structures Datagrid Datasource Mdb2 Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | 5.0 |
| 2006-02-28 | CVE-2006-0932 | Directory Traversal vulnerability in Pear Archive ZIP 1.1 Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. | 5.0 |
| 2006-02-28 | CVE-2006-0931 | Path Traversal vulnerability in Pear Archive TAR Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | 5.0 |