RedhatCVELIST:CVE-2005-2498CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
References
marc.info/?l=bugtraq&m=112412415822890&w=2
marc.info/?l=bugtraq&m=112431497300344&w=2
marc.info/?l=bugtraq&m=112605112027335&w=2
secunia.com/advisories/16431
secunia.com/advisories/16432
secunia.com/advisories/16441
secunia.com/advisories/16460
secunia.com/advisories/16465
secunia.com/advisories/16468
secunia.com/advisories/16469
secunia.com/advisories/16491
secunia.com/advisories/16550
secunia.com/advisories/16558
secunia.com/advisories/16563
secunia.com/advisories/16619
secunia.com/advisories/16635
secunia.com/advisories/16693
secunia.com/advisories/16976
secunia.com/advisories/17053
secunia.com/advisories/17066
secunia.com/advisories/17440
www.debian.org/security/2005/dsa-789
www.debian.org/security/2005/dsa-798
www.debian.org/security/2005/dsa-840
www.debian.org/security/2005/dsa-842
www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
www.gentoo.org/security/en/glsa/glsa-200509-19.xml
www.hardened-php.net/advisory_152005.67.html
www.novell.com/linux/security/advisories/2005_49_php.html
www.redhat.com/support/errata/RHSA-2005-748.html
www.securityfocus.com/archive/1/408125
www.securityfocus.com/bid/14560
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569
Related
