1127 matches found
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
Gentoo Linux Security Advisory GLSA 200507-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
TikiWiki: Arbitrary command execution through XML-RPC
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...
Multiple PHP XML-RPC implementations vulnerable to code injection
Overview A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...
CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as 1 WordPress, 2 Serendipity, 3 Drupal, 4 egroupware, 5 MailWatch, 6 TikiWiki, 7 phpWebSite, 8 Ampache, and others, allows...
GLSA-200507-01 : PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-01 PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the 'POST' method. Impac...
GLSA-200507-02 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200507-02 WordPress: Multiple vulnerabilities James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several...
[SA15916] eGroupWare XML-RPC PHP Code Execution Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (3)
Exploit for unknown platform in category web applications ============================================================== xmlrpc.php Library agent"Internet Explorer 6.0"; $host = $ARGV0; if !$host die"Usage: xmlrpcexec.pl http://pathto/xmlrpcserver"; while $host print "xmlrpc@"; $exec = ; $data =...
XML-RPC Library 1.3.0 - xmlrpc.php Remote Command Execution (3)
XML-RPC Library 1.3.0 - xmlrpc.php Remote Command Execution 3 !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (3)
No description provided by source. !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent;...
[SA15903] PhpWiki XML-RPC PHP Code Execution Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SA15904] BLOG:CMS XML-RPC PHP Code Execution Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
[SA15917] phpGroupWare XML-RPC PHP Code Execution Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)
!/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent; $brws = new LWP::UserAgent;...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)
------------------------------------------------------- /| | | | | /\ | | / \ \ / / |\ | | / /\ \ \ | | / | | | || \ || | | | / /\ | \ || | / | | | ||/ || | || / \ | || || | / | | | || \ || | | / / \ \ | || || | / | | ||| || | | / |/ | || || | | | | || /| | | | | ||/| | ||/ | | | ||| | |...
DSA-840-1 drupal - missing input sanitising
Bulletin has no description...
PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the "POST" method. Impact A remote attacker...
PHPXMLRPC Remote Code Execution
GulfTech Security Research June 29th, 2005 Vendor : Useful Information Inc. URL : http://phpxmlrpc.sourceforge.net/ Version : PHPXMLRPC 1.1 && Earlier Risk : Remote Command Execution Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was...
CVE-2005-1921
CVE-2005-1921 is a remote PHP code execution vulnerability in PEAR XML_RPC (<=1.3.0) and PHPXMLRPC (