RedhatCVELIST:CVE-2005-1921CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
marc.info/?l=bugtraq&m=112008638320145&w=2
marc.info/?l=bugtraq&m=112015336720867&w=2
marc.info/?l=bugtraq&m=112605112027335&w=2
pear.php.net/package/XML_RPC/download/1.3.1
secunia.com/advisories/15810
secunia.com/advisories/15852
secunia.com/advisories/15855
secunia.com/advisories/15861
secunia.com/advisories/15872
secunia.com/advisories/15883
secunia.com/advisories/15884
secunia.com/advisories/15895
secunia.com/advisories/15903
secunia.com/advisories/15904
secunia.com/advisories/15916
secunia.com/advisories/15917
secunia.com/advisories/15922
secunia.com/advisories/15944
secunia.com/advisories/15947
secunia.com/advisories/15957
secunia.com/advisories/16001
secunia.com/advisories/16339
secunia.com/advisories/16693
secunia.com/advisories/17440
secunia.com/advisories/17674
secunia.com/advisories/18003
security.gentoo.org/glsa/glsa-200507-01.xml
security.gentoo.org/glsa/glsa-200507-06.xml
security.gentoo.org/glsa/glsa-200507-07.xml
securitytracker.com/id?1015336
sourceforge.net/project/showfiles.php?group_id=87163
sourceforge.net/project/shownotes.php?release_id=338803
www.ampache.org/announce/3_3_1_2.php
www.debian.org/security/2005/dsa-745
www.debian.org/security/2005/dsa-746
www.debian.org/security/2005/dsa-747
www.debian.org/security/2005/dsa-789
www.drupal.org/security/drupal-sa-2005-003/advisory.txt
www.gulftech.org/?node=research&article_id=00087-07012005
www.hardened-php.net/advisory-022005.php
www.mandriva.com/security/advisories?name=MDKSA-2005:109
www.novell.com/linux/security/advisories/2005_18_sr.html
www.novell.com/linux/security/advisories/2005_41_php_pear.html
www.novell.com/linux/security/advisories/2005_49_php.html
www.redhat.com/support/errata/RHSA-2005-564.html
www.securityfocus.com/archive/1/419064/100/0/threaded
www.securityfocus.com/bid/14088
www.vupen.com/english/advisories/2005/2827
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
Related
