Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
	Software Inspectors   Scan Online   Personal (PSI)   Network (NSI 2.0) Solutions For   Security Professionals   Security Vendors Free Solutions For   Open Communities   Journalists & Media Secunia Advisories   Search   Historic Advisories   Listed By Product   Listed By Vendor   Statistics / Graphs   Secunia Research   Report Vulnerability   About Advisories Virus Information   Chronological List   Last 10 Virus Alerts   About Virus Information Secunia Customers   Customer Area CVE Reference: CVE-2005-2498 NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. Original Page at CVE MITRE: CVE-2005-2498 Description: Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. CVE Status: Candidate References: SUSE   http://marc.theaimsgroup.com/?l=bugtraq&m=112605112027335&w=2   http://www.novell.com/linux/security/advisories/2005_49_php.html SAID   Secunia Advisory: SA17066   Secunia Advisory: SA17053   Secunia Advisory: SA17440   Secunia Advisory: SA16976   Secunia Advisory: SA16693   Secunia Advisory: SA16635   Secunia Advisory: SA16619   Secunia Advisory: SA16563   Secunia Advisory: SA16558   Secunia Advisory: SA16550   Secunia Advisory: SA16491   Secunia Advisory: SA16432   Secunia Advisory: SA16441   Secunia Advisory: SA16460   Secunia Advisory: SA16465   Secunia Advisory: SA16468   Secunia Advisory: SA16469   Secunia Advisory: SA16431 REDHAT   http://www.redhat.com/support/errata/RHSA-2005-748.html MISC   http://www.hardened-php.net/advisory_152005.67.html GENTOO   http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml FEDORA   http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html DEBIAN   http://www.debian.org/security/2005/dsa-840   http://www.debian.org/security/2005/dsa-789   http://www.debian.org/security/2005/dsa-798   http://www.debian.org/security/2005/dsa-842 BUGTRAQ   http://marc.theaimsgroup.com/?l=bugtraq&m=112412415822890&w=2   http://marc.theaimsgroup.com/?l=bugtraq&m=112431497300344&w=2   http://www.securityfocus.com/archive/1/408125 BID   14560 Return to the previous page. Secunia PSI Scan | Patch | Track Free Download Secunia Poll Do you think it's important to read Setup/User Guides for applications for use within your network? Yes, I do it all the time Yes, but I do it rarely No See Results    Most Popular Advisories 1. Mozilla Firefox Multiple Vulnerabilities 2. Opera for Windows Unspecified Code Execution 3. Mozilla Thunderbird Multiple Vulnerabilities 4. VLC Media Player WAV Processing Integer Overflow 5. zlib Denial of Service Vulnerability 6. GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability 7. UnixWare ReliantHA Privilege Escalation Vulnerabilities 8. PCRE pcre_compile.c Buffer Overflow Vulnerability 9. Drupal Organic groups Information Disclosure and Script Insertion 10. Opera Canvas Functions Information Disclosure
Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia