TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC

Background TikiWiki is a full featured Free Software Wiki, CMS and Groupware written in PHP. eGroupWare is a web-based collaboration software suite. Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC requests. Description The XML-RPC library shipped in TikiWiki and eGroupWare...

RHEL 4 : php (RHSA-2005:748)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:748 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package...

php security update

CentOS Errata and Security Advisory CESA-2005:748 Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP W...

Important: Red Hat Security Advisory: php security update

Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RP...

[SA16491] MailWatch for MailScanner XML-RPC PHP Code Execution

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16441] phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2005-2498

PHPXMLRPC

[Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability

Vulnerability Reply-To: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PEAR XMLRPC Remote PHP Code Injection Vulnerability Release Date: 2005/08/15 Last Modified: 2005/08/15 Author: Stefan Esser [email protected]...

[Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-004 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-004 Date: 2005-aug-15 CVE ID: CAN-2005-2498 Security risk: highly...

[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

GLSA-200507-15 : PHP: Script injection through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200507-15 PHP: Script injection through XML-RPC James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an 'eval' statement. Impact : A remote attack...

PHP: Script injection through XML-RPC

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description James Bercegay has discovered that the XML-RPC implementation in PHP...

xmlrpc.py.txt

!/usr/bin/python ./xmlrpc.py chk|xpl host uri example check bug: ./xmlrpc.py chk www.postnuke.com /xmlrpc.php example exploit bug: ./xmlrpc.py xpl www.postnuke.com /xmlrpc.php Pear XML-RPC Library 1.3.0 Remote PHP Code Execution Exploit -- Not working for me so i made this python code...

Ruby: Arbitrary command execution through XML-RPC

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...

GLSA-200507-10 : Ruby: Arbitrary command execution through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200507-10 Ruby: Arbitrary command execution through XML-RPC Nobuhiro IMAI reported that an invalid default value in 'utils.rb' causes the security protections of the XML-RPC server to fail. Impact : A remote attacker could exploit...

GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-08 phpGroupWare, eGroupWare: PHP script injection vulnerability The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact : A remote attacke...

phpWebSite: Multiple vulnerabilities

Background phpWebSite is a content management system written in PHP. Description phpWebSite fails to sanitize input sent to the XML-RPC server using the "POST" method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impact A remote attacker could exploit...

phpGroupWare, eGroupWare: PHP script injection vulnerability

Background phpGroupWare and eGroupWare are web based collaboration software suites. Description The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method. Impact A remote attacker could exploit the XML-RPC vulnerability to...

GLSA-200507-07 : phpWebSite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200507-07 phpWebSite: Multiple vulnerabilities phpWebSite fails to sanitize input sent to the XML-RPC server using the 'POST' method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impac...