what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2005-2498

Status Candidate

Overview

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Related Files

Debian Linux Security Advisory 842-1
Posted Oct 6, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 842-1 - Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2005-2498
SHA-256 | de954d71c9d226cbf7f9bce5488f5252c12b1c9a91c9c401b46a1df9d5abdfb4
Gentoo Linux Security Advisory 200509-19
Posted Sep 28, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-19 - PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Versions less than 4.4.0-r1 are affected.

tags | advisory, overflow, php
systems | linux, gentoo
advisories | CVE-2005-2491, CVE-2005-2498
SHA-256 | c7a1f559573619bdacd54a3d4bece4a1a706e5cf86234d5dbd089768b44b19a0
Debian Linux Security Advisory 798-1
Posted Sep 5, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 798-1 - Several vulnerabilities have been discovered in phpgroupware, a web based groupware system written in PHP.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2005-2498, CVE-2005-2600, CVE-2005-2761
SHA-256 | 5a9baa306095616296206f4d96b3c1e812832aaaf177227ba230c7910c9bb336
Gentoo Linux Security Advisory 200508-21
Posted Sep 1, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-21 - phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, matrix_killer reported that phpWebSite is vulnerable to an SQL injection attack. Versions less than 0.10.2_rc2 are affected.

tags | advisory, sql injection
systems | linux, gentoo
advisories | CVE-2005-2498
SHA-256 | 6f0a21199715e6f7f94faf3e1cf2319b9e3a136fd58c4051fa9574fe85bcbb24
Gentoo Linux Security Advisory 200508-20
Posted Aug 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-20 - phpGroupWare improperly validates the mid parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library. Versions less than 0.9.16.008 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2498, CVE-2005-2600
SHA-256 | d33de08c4298350651ca1c385fd6272325c50069a0e5c4e6069ba07eeb7605fd
Gentoo Linux Security Advisory 200508-18
Posted Aug 28, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-18 - Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.3.10-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2498
SHA-256 | 58ddf0b053866baf9206aad81f5b145df56df9dd0892fd927abb65eee821554b
Gentoo Linux Security Advisory 200508-14
Posted Aug 25, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-14 - The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.8.5-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2498
SHA-256 | 9acf45a11c434f9e4b49e43cdefa777308170e253b8f78d7f744be25888a81df
Gentoo Linux Security Advisory 200508-13
Posted Aug 24, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200508-13 - Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Versions less than 1.4.0 are affected.

tags | advisory, php
systems | linux, gentoo
advisories | CVE-2005-2498
SHA-256 | b392e04daac6a3131a159750ecf6640f104e46dc1e949490958e28588b03b917
Hardened-PHP Project Security Advisory 2005-15.67
Posted Aug 17, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.

tags | advisory, arbitrary, php
advisories | CVE-2005-2498
SHA-256 | 19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605
Hardened-PHP Project Security Advisory 2005-14.66
Posted Aug 17, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.

tags | advisory, arbitrary, php
advisories | CVE-2005-2498
SHA-256 | 69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close