CVE-2005-1921 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-1921
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-1921

Description: Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVE Status: Candidate

References: SUSE http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_41_php_pear.html http://www.novell.com/linux/security/advisories/2005_49_php.html http://marc.theaimsgroup.com/?l=bugtraq&m=112605112027335&w=2 ST 1015336 SAID Secunia Advisory: SA17440 Secunia Advisory: SA16693 Secunia Advisory: SA16339 Secunia Advisory: SA15922 Secunia Advisory: SA15917 Secunia Advisory: SA15916 Secunia Advisory: SA15904 Secunia Advisory: SA15903 Secunia Advisory: SA15895 Secunia Advisory: SA15884 Secunia Advisory: SA15883 Secunia Advisory: SA15861 Secunia Advisory: SA15855 Secunia Advisory: SA15810 Secunia Advisory: SA18003 Secunia Advisory: SA16001 Secunia Advisory: SA15957 Secunia Advisory: SA15947 Secunia Advisory: SA15944 Secunia Advisory: SA15872 Secunia Advisory: SA15852 Secunia Advisory: SA17674 REDHAT http://www.redhat.com/support/errata/RHSA-2005-564.html OVAL http://oval.mitre.org/oval/definitions/data/oval350.html MISC http://www.hardened-php.net/advisory-022005.php http://www.gulftech.org/?node=research&article_id=00087-07012005 http://pear.php.net/package/XML_RPC/download/1.3.1 MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 HP http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded GENTOO http://security.gentoo.org/glsa/glsa-200507-01.xml http://security.gentoo.org/glsa/glsa-200507-07.xml http://security.gentoo.org/glsa/glsa-200507-06.xml DEBIAN http://www.debian.org/security/2005/dsa-746 http://www.debian.org/security/2005/dsa-745 http://www.debian.org/security/2005/dsa-747 http://www.debian.org/security/2005/dsa-789 CONFIRM http://www.ampache.org/announce/3_3_1_2.php http://sourceforge.net/project/shownotes.php?release_id=338803 http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt http://sourceforge.net/project/showfiles.php?group_id=87163 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112015336720867&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=112008638320145&w=2 BID 14088

Return to the previous page.