A vulnerability in the PEAR installer has been found which allows arbitrary code execution. All versions of the installer up to and including release 1.4.2 are affected by this. A poorly-implemented feature allows a package installed by the PEAR installer...
Main > Security - Page 1 of 1
November 23, 2005
November 12, 2005
Christopher Kunz have posted a suggestion to increase PEAR security. The latest PHP worm (lupii) attacks systems that are vulnerable to a remote code execution hole in PEAR::XMLRPC (or phpxmlrpc). It can only propagate on systems whose administrators have neglected...
September 4, 2005
HTML_Safe have been just released, a first beta 1.0.0RC1 as a PEAR Package. Its main goal is to strips down all potentially dangerous content within HTML. SafeHTML is using HTMLSax to parse HTML. Danerous tags within HTML includes : opening...
August 16, 2005
Stefan Esser, Hardened-PHP Project, posted today a security alert about XMLRPC. After Gulftech released their PHP code injection advisory in the end of June 2005 we sheduled the code for an audit from our side. Unfortunately we were able to...
