[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution
Debian Security Advisory DSA 842-1 [email protected] http://www.debian.org/security/ Martin Schulze October 4th, 2005 http://www.debian.org/security/faq ...
DSA-842-1 egroupware - missing input sanitising
Bulletin has no description...
Ruby library contains vulnerable default value
Overview Ruby includes a vulnerable default value that may be used to bypass security restrictions and execute arbitrary code. Description Ruby is vulnerable to an attack on applications using the XML-RPC services via XMLRPC.iPIMethods, due to an insecure default value in utils.rb. Any program or...
PHP: Vulnerabilities in included PCRE and XML-RPC libraries
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description PHP makes use of a private copy of libpcre which is subject to an...
GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...
Debian DSA-798-1 : phpgroupware - several vulnerabilities
Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows...
GLSA-200508-21 : phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
The remote host is affected by the vulnerability described in GLSA-200508-21 phpWebSite: Arbitrary command execution through XML-RPC and SQL injection phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, 'matrixkiller'...
[SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities
Debian Security Advisory DSA 798-1 [email protected] http://www.debian.org/security/ Martin Schulze September 2nd, 2005 http://www.debian.org/security/faq ...
DSA-798-1 phpgroupware - several
Bulletin has no description...
php security update
CentOS Errata and Security Advisory CESA-2005:0831-001 Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
GLSA-200508-14 : TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200508-14 TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote...
GLSA-200508-13 : PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200508-13 PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses wit...
GLSA-200508-18 : PhpWiki: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200508-18 PhpWiki: Arbitrary command execution through XML-RPC Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote attacker...
Debian DSA-789-1 : php4 - several vulnerabilities
Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
Debian Security Advisory DSA 789-1 [email protected] http://www.debian.org/security/ Martin Schulze August 29th, 2005 http://www.debian.org/security/faq ...
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNew / phpPgAds installed on the remote host suffers from several flaws : - Remote PHP Code Injection Vulnerability The XML-RPC library bundled with the application allows an attacker to inject...
PhpWiki: Arbitrary command execution through XML-RPC
Background PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms. Description Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact A remote attacker could...
PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags...