1089 matches found
CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (2)
Exploit for unknown platform in category web applications ============================================================== xmlrpc.php Library / | | | || \ || | | | / /\ | \ || | / | | | ||/ || | || / \ | || || | / | | | || \ || | | / / \ \ | || || | / | | ||| || | | / |/ | || || | | | | || /| |...
xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (2)
No description provided by source. ------------------------------------------------------- /| | | | | /\ | | / \ \ / / |\ | | / /\ \ \ | | / | | | || \ || | | | / /\ | \ || | / | | | ||/ || | || / \ | || || | / | | | || \ || | | / / \ \ | || || | / | | ||| || | | / |/ | || || | | | | || /| |...
CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...
CVE-2005-2113
XOOPS <= 2.0.11 is affected by an SQL injection in the XMLRPC loginUser function that lets remote attackers execute arbitrary SQL and bypass authentication via crafted XML (e.g., blogger.getPost). The issue is documented as CVE-2005-2113; severity is HIGH (CVSS v2: AV:N/AC:L/Au:N/C:P/I:P/A:P)....
CVE-2005-2108
CVE-2005-2108 affects WordPress 1.5.1.2 and earlier, with an SQL injection in the XMLRPC server. The vulnerability arises because input is not filtered in the HTTP_RAW_POST_DATA variable that stores XML data, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSSv...
CVE-2005-2113
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method...
CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...
Advisory 02/2005: Remote code execution in Serendipity
Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Remote code execution in Serendipity Release Date: 2005/06/29 Last Modified: 2005/06/29 Author: Christopher Kunz [email protected] Application: Serendipity = 0.8.2 Severity: Arbitrary remote code execution...
WordPress <= 1.5.1.2 - SQL injection
Because of this vulnerability in XMLRPC server, attackers can execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file. Solution Update the WordPress to the latest available version at least 1.5.1.3...
wpcmdexec.pl.txt
!/usr/bin/perl -w Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a password hash & use that hash to execute shell...
WordPress < 1.5.1.3 XMLRPC SQL Injection
The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks that could lead to...
Mandrake Linux Security Advisory : php-pear (MDKSA-2005:109)
A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation. Mandriva ships with the PEAR XMLRPC implementation and it has been...
Xoops < 2.0.12 Multiple XSS / SQL Injection
Binary data 3041.prm...
WordPress 1.5.1.2 - xmlrpc Interface SQL Injection
WordPress 1.5.1.2 - xmlrpc Interface SQL Injection !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML R...
XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
GulfTech Security Research June 28th, 2005 Vendor : XOOPS URL : http://www.xoops.org/ Version : XOOPS 2.0.11 And Earlier Risk : Multiple Vulnerabilities Description: XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's...
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server...
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== Wordpress wp.pl http://pathto/wp admin 1 "id;uname -a;pwd;uptime" Trying Host http://pathto/wp ... + The XMLRPC server seems to be working + Char 1 is 2 + Char 2 is 1 + Cha...
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...
USN-146-1: Ruby vulnerability
Nobuhiro IMAI discovered that the changed default value of the Modulepublicinstancemethods method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server...