Vulnerabilities > Pear

DATE CVE VULNERABILITY TITLE RISK
2022-02-17 CVE-2022-24953 Argument Injection or Modification vulnerability in Pear Crypt GPG
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
Risk: network; low complexity; pear CWE-88; 5.3

2017-02-06 CVE-2017-5677 PHP Object Injection vulnerability in PEAR HTML_AJAX
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer.
Risk: network; low complexity; pear; 7.5

2009-11-29 CVE-2009-4111 Code Injection vulnerability in Pear Mail 1.1.14/1.2.0B2
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.
Risk: network; pear CWE-94; 6.8

2009-11-29 CVE-2009-4025 OS Command Injection vulnerability in Pear 0.11/0.20/0.21
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
Risk: network; low complexity; pear CWE-78; critical; 10.0

2009-11-29 CVE-2009-4024 Code Injection vulnerability in Pear
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
Risk: network; low complexity; pear CWE-94; critical; 10.0

2009-11-29 CVE-2009-4023 Code Injection vulnerability in Pear 1.1.14
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.
Risk: network; low complexity; pear CWE-94; 7.5

2007-11-13 CVE-2007-5934 Information Exposure vulnerability in Pear Structures Datagrid Datasource Mdb2
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
Risk: network; pear CWE-200; 4.3

2007-07-09 CVE-2007-3628 Remote Security vulnerability in Structures Datagrid Datasource Mdb2
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."
Risk: network; low complexity; pear; 5.0

2006-02-28 CVE-2006-0932 Directory Traversal vulnerability in Pear Archive ZIP 1.1
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
Risk: network; low complexity; pear; 5.0

2006-02-28 CVE-2006-0931 Path Traversal vulnerability in Pear Archive TAR
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
Risk: network; low complexity; pear CWE-22; 5.0