Pear: Security Vulnerabilities
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
CVSS Score
6.4
EPSS Score
0.142
Published
2006-02-23
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.
CVSS Score
10.0
EPSS Score
0.004
Published
2005-12-31
Page 3