1091 matches found
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A hea...
DSA-1285-1 wordpress
Bulletin has no description...
CVE-2007-1897
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the postid variable...
SQL injection
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the postid variable...
PHP XML-RPC Arbitrary Code Execution
This module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki. This module requires Metasploit:...
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure source: https://www.securityfocus.com/bid/22220/info WordPress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to consume memory and...
CentOS 3 / 4 : php (CESA-2005:748)
Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RP...
CentOS 3 / 4 : php (CESA-2005:564)
Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR...
FreeBSD : postnuke -- multiple vulnerabilities (0274a9f1-0759-11da-bc08-0001020eed82)
Postnuke Security Announcements reports of the following vulnerabilities : - missing input validation within /modules/Messages/readpmsg.php - possible path disclosure within /user.php - possible path disclosure within /modules/News/article.php - possible remote code injection within...
[SA17674] FreeMED XML_RPC PHP Code Execution Vulnerability
TITLE: FreeMED XMLRPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA17674 VERIFY ADVISORY: http://secunia.com/advisories/17674/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: FreeMED 0.x http://secunia.com/product/6190/ DESCRIPTION: A vulnerability has been...
[SA17693] vtiger CRM Multiple Vulnerabilities
TITLE: FreeMED XMLRPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA17674 VERIFY ADVISORY: http://secunia.com/advisories/17674/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: FreeMED 0.x http://secunia.com/product/6190/ DESCRIPTION: A vulnerability has been...
phpAdsNew XML-RPC Library Remote Code Injection
The remote host appears to be running phpAdsNew, an open source ad server written in PHP. The version of phpAdsNew installed on the remote host allows attackers to execute arbitrary PHP code subject to the privileges of the web server user id due to a flaw in its bundled XML-RPC library...
[SA17440] b2evolution XML-RPC PHP Code Execution Vulnerabilities
TITLE: b2evolution XML-RPC PHP Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA17440 VERIFY ADVISORY: http://secunia.com/advisories/17440/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: b2evolution 0.x http://secunia.com/product/2126/ DESCRIPTION: Two...
Zope Installation Path Disclosure
The remote web server contains an application server that is prone to information disclosure. Description : There is a minor security problem in all releases of Zope prior to version 2.5.1b1 - they reveal the installation path when an invalid XML RPC request is sent.
Mandrake Linux Security Advisory : php-pear (MDKSA-2005:146)
A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache'...
Debian DSA-842-1 : egroupware - missing input sanitising
Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval statements.
GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries
The remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries). PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC...
[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution
Debian Security Advisory DSA 842-1 [email protected] http://www.debian.org/security/ Martin Schulze October 4th, 2005 http://www.debian.org/security/faq ...