Debian Security Advisory DSA 842-1 - Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.
de954d71c9d226cbf7f9bce5488f5252c12b1c9a91c9c401b46a1df9d5abdfb4Gentoo Linux Security Advisory GLSA 200509-19 - PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Versions less than 4.4.0-r1 are affected.
c7a1f559573619bdacd54a3d4bece4a1a706e5cf86234d5dbd089768b44b19a0Debian Security Advisory DSA 798-1 - Several vulnerabilities have been discovered in phpgroupware, a web based groupware system written in PHP.
5a9baa306095616296206f4d96b3c1e812832aaaf177227ba230c7910c9bb336Gentoo Linux Security Advisory GLSA 200508-21 - phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, matrix_killer reported that phpWebSite is vulnerable to an SQL injection attack. Versions less than 0.10.2_rc2 are affected.
6f0a21199715e6f7f94faf3e1cf2319b9e3a136fd58c4051fa9574fe85bcbb24Gentoo Linux Security Advisory GLSA 200508-20 - phpGroupWare improperly validates the mid parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library. Versions less than 0.9.16.008 are affected.
d33de08c4298350651ca1c385fd6272325c50069a0e5c4e6069ba07eeb7605fdGentoo Linux Security Advisory GLSA 200508-18 - Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.3.10-r2 are affected.
58ddf0b053866baf9206aad81f5b145df56df9dd0892fd927abb65eee821554bGentoo Linux Security Advisory GLSA 200508-14 - The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.8.5-r2 are affected.
9acf45a11c434f9e4b49e43cdefa777308170e253b8f78d7f744be25888a81dfGentoo Linux Security Advisory GLSA 200508-13 - Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Versions less than 1.4.0 are affected.
b392e04daac6a3131a159750ecf6640f104e46dc1e949490958e28588b03b917A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed