postnuke -- multiple vulnerabilities

Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...

PT-2005-2673 · Postnuke · Postnuke

Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the registerinstance method to register an object without a dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the registerinstance method to register an object without a dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

Mandrake Linux Security Advisory : python (MDKSA-2005:035)

A flaw in the python language was found by the development team. The SimpleXMLRPCServer library module could permit remote attackers unintended access to internals of the registered object or it's module, or possibly even other modules. This only affects python XML-RPC servers that use the...

Python: Arbitrary code execution through SimpleXMLRPCServer

Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. Description Graham Dumpleton discovered that XML-RPC servers making use of the SimpleXMLRPCServer library that use the registerinstance method to register an object without a dispatch method ar...

[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access

-------------------------------------------------------------------------- Debian Security Advisory DSA 666-1 [email protected] http://www.debian.org/security/ Martin Schulze February 4th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access

-------------------------------------------------------------------------- Debian Security Advisory DSA 666-1 [email protected] http://www.debian.org/security/ Martin Schulze February 4th, 2005 http://www.debian.org/security/faq -...

python -- SimpleXMLRPCServer.py allows unrestricted traversal

According to Python Security Advisory PSF-2005-001, The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC...

Zope 2.x - Incorrect XML-RPC Request Information Disclosure

source: https://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to a request with an error page with system specific details...

Zope 2.x - Incorrect XML-RPC Request Information Disclosure

Zope 2.x - Incorrect XML-RPC Request Information Disclosure source: https://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to...