Vulnerabilities > Pear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-17 | CVE-2022-24953 | Argument Injection or Modification vulnerability in Pear Crypt GPG The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. | 5.3 |
| 2009-11-29 | CVE-2009-4111 | Code Injection vulnerability in Pear Mail 1.1.14/1.2.0B2 Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. | 6.8 |
| 2007-11-13 | CVE-2007-5934 | Information Exposure vulnerability in Pear Structures Datagrid Datasource Mdb2 The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | 4.3 |
| 2007-07-09 | CVE-2007-3628 | Remote Security vulnerability in Structures Datagrid Datasource Mdb2 Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | 5.0 |
| 2006-02-28 | CVE-2006-0932 | Directory Traversal vulnerability in Pear Archive ZIP 1.1 Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. | 5.0 |
| 2006-02-28 | CVE-2006-0931 | Path Traversal vulnerability in Pear Archive TAR Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | 5.0 |
| 2006-02-23 | CVE-2006-0869 | Unspecified vulnerability in Pear Liveuser Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. | 6.4 |