The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
Gammarays has reported a security issue in Apache2Triad, which potentially can be exploited by malicious people to compromise a vulnerable system.
The problem is that the PEAR installer Go-PEAR is stored insecurely in "php/pear/go-pear.php" inside the web root. This can be exploited to execute arbitrary PHP code by configuring the installer to use a malicious proxy server when downloading files.
Solution:
Upgrade to an Apache2Triad 1.x.4 release.
Isabella12
Joined: 22 Oct 2009
Posts: 1
Posted: Mon Nov 02, 2009 10:17 pm
Provides methods to read and manipulate trees, which are stored in a database (via DB, MDB and MDB2) or an XML file. The trees can be stored in the DB either as nested trees or as simple trees, which use a parentId-like structure.
Currently XML data can only be read from a file and accessed.
kai
Joined: 30 Oct 2009
Posts: 1
Location: DAD
Posted: Tue Nov 03, 2009 2:02 pm
I maintain several servers to companies with large tares as Buy Viagra and I wonder how good a proxy server in go-type PEAR.php PEAR in PHP 0.2.2 go-PEAR.php refocused and if this will give me security problems as did the Apache2Triad?