Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-789-1
HistoryAug 29, 2005 - 12:00 a.m.

php4 - several

2005-08-2900:00:00
Google
osv.dev
11

0.956 High

EPSS

Percentile

99.4%

JSON

Several security related problems have been found in PHP4, the
server-side, HTML-embedded scripting language. The Common
Vulnerabilities and Exposures project identifies the following
problems:

  • CAN-2005-1751
    Eric Romang discovered insecure temporary files in the shtool
    utility shipped with PHP that can exploited by a local attacker to
    overwrite arbitrary files. Only this vulnerability affects
    packages in oldstable.

  • CAN-2005-1921
    GulfTech has discovered that PEAR XML_RPC is vulnerable to a
    remote PHP code execution vulnerability that may allow an attacker
    to compromise a vulnerable server.

  • CAN-2005-2498
    Stefan Esser discovered another vulnerability in the XML-RPC
    libraries that allows injection of arbitrary PHP code into eval()
    statements.

For the old stable distribution (woody) these problems have been fixed in
version 4.1.2-7.woody5.

For the stable distribution (sarge) these problems have been fixed in
version 4.3.10-16.

For the unstable distribution (sid) these problems have been fixed in
version 4.4.0-2.

We recommend that you upgrade your PHP packages.

CPENameOperatorVersion
php4eq4:4.3.10-15

Related

openvas 61
debian 14
nessus 47
nvd 5
centos 3
cve 5
ubuntucve 4
redhat 2
cvelist 4
suse 3
ubuntu 2
gentoo 13
securityvulns 7
slackware 4
osv 3
wpvulndb 1
checkpoint_advisories 1
patchstack 1
packetstorm 1
freebsd 4
cert 1
exploitpack 1
exploitdb 1
debiancve 2
openvas
openvas
Debian: Security Advisory (DSA-789-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 789-1 (php4)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200508-14 (tikiwiki egroupware)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
[SECURITY] [DSA 747-1] New egroupware packages fix remote command execution
2005-07-10 17:41:55
nessus
nessus
Debian DSA-789-1 : php4 - several vulnerabilities
2005-08-30 00:00:00
Fedora Core 4 : php-5.0.4-10.3 (2005-518)
2005-07-06 00:00:00
Fedora Core 3 : php-4.3.11-2.6 (2005-517)
2005-07-06 00:00:00
nvd
nvd
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-1921
2005-07-05 04:00:00
CVE-2005-1759
2005-06-28 04:00:00
centos
centos
php security update
2005-07-07 20:36:04
php security update
2005-08-19 18:20:20
php security update
2005-08-31 21:06:57
cve
cve
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-1921
2005-07-05 04:00:00
CVE-2005-1759
2005-06-28 04:00:00
ubuntucve
ubuntucve
CVE-2005-2498
2005-08-15 00:00:00
CVE-2005-1921
2005-07-05 00:00:00
CVE-2005-1751
2005-05-25 00:00:00
redhat
redhat
(RHSA-2005:564) php security update
2005-07-07 00:00:00
(RHSA-2005:748) php security update
2005-08-19 00:00:00
cvelist
cvelist
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-1921
2005-07-01 04:00:00
CVE-2005-1759
2005-06-26 04:00:00
suse
suse
remote code execution in php4, php5
2005-08-30 14:35:22
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
remote code execution in php/pear XML::RPC
2005-07-08 15:32:35
ubuntu
ubuntu
PHP4 vulnerabilities
2005-08-21 00:00:00
PHP XMLRPC vulnerability
2005-07-05 00:00:00
gentoo
gentoo
PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
2005-08-24 00:00:00
TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
2005-08-24 00:00:00
phpWebSite: Multiple vulnerabilities
2005-07-10 00:00:00
securityvulns
securityvulns
Advisory 02/2005: Remote code execution in Serendipity
2005-06-30 00:00:00
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
2005-07-07 00:00:00
[Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability
2005-08-15 00:00:00
slackware
slackware
PHP
2005-07-11 17:25:23
php5 in Slackware 10.1
2005-09-08 15:55:19
PHP
2005-08-30 15:54:11
osv
osv
drupal - missing input sanitising
2005-10-04 00:00:00
drupal - arbitrary command execution
2005-07-10 00:00:00
phpgroupware - several
2005-09-02 00:00:00
wpvulndb
wpvulndb
WordPress <= 1.5.1.2 - XMLRPC Eval Injection
2005-06-29 00:00:00
checkpoint_advisories
checkpoint_advisories
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
2015-03-26 00:00:00
patchstack
patchstack
WordPress <= 1.3.0 - Eval Injection
2005-06-08 00:00:00
packetstorm
packetstorm
PHP XML-RPC Arbitrary Code Execution
2009-10-30 00:00:00
freebsd
freebsd
pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-15 00:00:00
pear-XML_RPC -- arbitrary remote code execution
2005-06-29 00:00:00
drupal -- PHP code execution vulnerabilities
2005-06-29 00:00:00
cert
cert
Multiple PHP XML-RPC implementations vulnerable to code injection
2005-07-06 00:00:00
exploitpack
exploitpack
PHPXMLRPC 1.1 - Remote Code Execution
2015-07-02 00:00:00
exploitdb
exploitdb
PHPXMLRPC &lt; 1.1 - Remote Code Execution
2015-07-02 00:00:00
debiancve
debiancve
CVE-2005-1759
2005-06-28 04:00:00
CVE-2005-1751
2005-05-25 04:00:00

0.956 High

EPSS

Percentile

99.4%

JSON
Related for OSV:DSA-789-1
openvas61debian14nessus47nvd5centos3cve5ubuntucve4redhat2cvelist4suse3ubuntu2gentoo13securityvulns7slackware4osv3wpvulndb1checkpoint_advisories1patchstack1packetstorm1freebsd4cert1exploitpack1exploitdb1debiancve2