exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2020-28949

Status Candidate

Overview

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Related Files

Red Hat Security Advisory 2022-7340-01
Posted Nov 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7340-01 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | a7fa9058c1eedb244721abe0a8c951c08858548c0d0aa8043efb04595a1418a9
Red Hat Security Advisory 2022-6541-01
Posted Sep 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 31e06af192874dd30d3a85b7cb09c29d3a3dcfb884ab079d8e1ed05690b96675
Red Hat Security Advisory 2022-6542-01
Posted Sep 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 68bf1d235da93117cff40ab6ea814ef4085f0dc2038277e7f4087fb2b57977d3
Gentoo Linux Security Advisory 202101-23
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-23 - Multiple vulnerabilities have been found in PEAR Archive_Tar, the worst of which could result in the arbitrary execution of code. Versions prior to 1.4.12 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 23c60404ece473e34d6e965ed7a8107728f79654767a5fd6af210fcf4330db3f
PEAR Archive_Tar Arbitrary File Write
Posted Jan 25, 2021
Authored by gwillcox-r7, xorathustra | Site metasploit.com

This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.

tags | exploit, arbitrary, php
advisories | CVE-2020-28949
SHA-256 | 1019e130477e9832a8566af946e7e3daa33b70f86ad034baced9732c7dae0aa5
Debian Security Advisory 4817-1
Posted Dec 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4817-1 - Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2020-28948, CVE-2020-28949
SHA-256 | 55d35347b0095ee7302f943e512c864a3ce5dbf064f74322a52bab2f3e2a85eb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close