b2evolution XML-RPC PHP Code Execution Vulnerabilities - Advisories

b2evolution XML-RPC PHP Code Execution Vulnerabilities

Secunia Advisory:	SA17440
Release Date:	2005-11-07

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	b2evolution 0.x

CVE reference:	CVE-2005-2498 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Two vulnerabilities have been reported in b2evolution, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SA16431 Solution: Update to version 0.9.1. http://sourceforge.net/project/showfiles.php?group_id=85535&package_id=88610 Other References: SA15852: http://secunia.com/advisories/15852/ SA16431: http://secunia.com/advisories/16431/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

2 Related Secunia Security Advisories

1. b2evolution "title" SQL Injection Vulnerability

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	HP-UX update for Apache

2.	Red Hat Directory Server Multiple Vulnerabilities

3.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

4.	Tiger "genmsgidx" Insecure Temporary Files

5.	R "javareconf" Insecure Temporary Files

6.	Red Hat Directory Server Denial of Service Vulnerabilities

7.	Citadel "migrate_aliase s.sh" Insecure Temporary Files

8.	Honeyd "test.sh" Insecure Temporary Files

9.	Red Hat update for tomcat

10.	Ampache "gather-message s.sh" Insecure Temporary Files