CVE-2005-1921

Status Candidate

Overview

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Related Files

PHP XML-RPC Arbitrary Code Execution
Posted Oct 30, 2009
Authored by H D Moore, cazz | Site metasploit.com

This Metasploit module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, WordPress, Postnuke, and TikiWiki.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2005-1921
SHA-256 | 74661987981d6b9dcef06ec55c6a9cc16d40945f635c122f6a84bdf7a7d57158

HP Security Bulletin 2005-10.69
Posted Dec 14, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in the Secure Web Server for Tru64 UNIX (powered by Apache) 6.4.1 and earlier when running PHP/XMLRPC. The vulnerability could be exploited by a remote unauthorized user to execute arbitrary code.

tags | advisory, remote, web, arbitrary, php
systems | unix
advisories | CVE-2005-1921
SHA-256 | afa77588576431352f8061a012a379bf68e3f8016765afad4d2ce302559a6168

Gentoo Linux Security Advisory 200507-15
Posted Jul 15, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-15 - James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an eval() statement. Versions less than 4.4.0 are affected.

tags | advisory, php
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | 957d243d316ce15bb092f0b014f3dff4abe6629942d9dd158e3b4af0205a4fa7

Debian Linux Security Advisory 746-1
Posted Jul 14, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 746-1 - A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2005-1921
SHA-256 | 463042360637941b8f9b9cfb05ee3ecc82f5ecdf9094179130ce122871544166

Gentoo Linux Security Advisory 200507-8
Posted Jul 12, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-08 - The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the POST method. Versions less than 0.9.16.006 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | e6e4508d4d34b0338c98cad75efb14c9a7bbb24a8a963d701d075ce1f286752c

Debian Linux Security Advisory 747-1
Posted Jul 12, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 747-1 - A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2005-1921
SHA-256 | b0b86440bb0360bbefc86c2863a7889904933148f078a1f19d96c3fcd6b2f2ad

Gentoo Linux Security Advisory 200507-7
Posted Jul 12, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-07 - phpWebSite fails to sanitize input sent to the XML-RPC server using the POST method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Versions less than 0.10.1-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | 137a749249ea84faa10e7656703df394ec1711a7ad5160e8ffb8a677672f639a

Gentoo Linux Security Advisory 200507-6
Posted Jul 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-06 - TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Versions less than 1.8.5-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | 7a3224fc388615854b469f89647198e48bf895aba6282499573f5c86dea45927

Gentoo Linux Security Advisory 200507-2
Posted Jul 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-02 - James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Versions less than 1.5.1.3 are affected.

tags | advisory, vulnerability, xss
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | 8ef3cc7830aa91d24d15b2d98e64f7bac2893ffe531033defa532c1d06a66f2a

Gentoo Linux Security Advisory 200507-1
Posted Jul 7, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-01 - James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the POST method. Versions less than 1.3.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-1921
SHA-256 | 1ccfd7f91652298e66cd06e890e188a97d9b460fd9f05dfd6e4e738dc832354c

advisory-022005.txt
Posted Jul 1, 2005
Authored by Christopher Kunz

Serendipity version 0.8.2 and below suffer from a remote command execution flaw.

tags | advisory, remote
advisories | CVE-2005-1921
SHA-256 | 2a4ee8e7ada42a56b8aed38fe317912c764aad12ca30260dd372fba5c27cd442