1091 matches found
Drupal XML-RPC for PHP Remote Code Injection
The version of Drupal running on the remote web server allows attackers to execute arbitrary PHP code due to a flaw in its bundled XML-RPC library.
GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200507-06 (TikiWiki: Arbitrary command execution through XML-RPC). TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact: A remote attacker could exploit this vulnerability to execute arbitrary...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR...
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
Gentoo Linux Security Advisory GLSA 200507-06 http://security.gentoo.org/ Severity:...
pearxmlrpc.pl.txt
!/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoops, phpnuke and other cms...
TikiWiki: Arbitrary command execution through XML-RPC
Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description: TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact: A remote attacker could exploit this...
Multiple PHP XML-RPC implementations vulnerable to code injection
Overview: A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description: XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...
CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...
GLSA-200507-02 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200507-02 (WordPress: Multiple vulnerabilities). James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several...
GLSA-200507-01 : PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-01 (PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability). James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the 'POST' method. Impac...
XML-RPC Library 1.3.0 - xmlrpc.php Remote Command Execution (3)
XML-RPC Library 1.3.0 - xmlrpc.php Remote Command Execution 3 !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (3)
No description provided by source. !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent;...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)
!/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent; $brws = new LWP::UserAgent;...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)
DSA-840-1 drupal - missing input sanitising
Bulletin has no description...
[SA15903] PhpWiki XML-RPC PHP Code Execution Vulnerability
[SA15904] BLOG:CMS XML-RPC PHP Code Execution Vulnerability
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (3)
Exploit for unknown platform in category web applications xmlrpc.php Library agent"Internet Explorer 6.0"; $host = $ARGV0; if !$host die"Usage: xmlrpcexec.pl http://pathto/xmlrpcserver"; while $host print "xmlrpc@"; $exec = ; $data =...
WordPress: Multiple vulnerabilities
Background: WordPress is a PHP and MySQL based content management and publishing system. Description: James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
[SA15917] phpGroupWare XML-RPC PHP Code Execution Vulnerability