Lucene search
SuseSUSE-SA:2005:041HistoryJul 08, 2005 - 3:32 p.m.
remote code execution in php/pear XML::RPC
2005-07-0815:32:35
lists.opensuse.org
25
0.956 High
EPSS
Percentile
99.4%
A bug in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function.
Solution
Please install the updated packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | i586 | php4-servlet | < 4.3.4-43.36 | php4-servlet-4.3.4-43.36.i586.rpm |
| openSUSE | 9.2 | x86_64 | php4-32bit | < 9.2-200507052011 | php4-32bit-9.2-200507052011.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | php4-sysvshm | < 4.3.8-8.9 | php4-sysvshm-4.3.8-8.9.x86_64.rpm |
| openSUSE | 9.3 | i586 | php5-exif | < 5.0.3-14.6 | php5-exif-5.0.3-14.6.i586.rpm |
| openSUSE | 9.3 | x86_64 | php5-sysvshm | < 5.0.3-14.6 | php5-sysvshm-5.0.3-14.6.x86_64.rpm |
| openSUSE | 9.3 | i586 | php4-sysvshm | < 4.3.10-14.6 | php4-sysvshm-4.3.10-14.6.i586.rpm |
| openSUSE | 9.3 | x86_64 | mod_php4-servlet | < 4.3.10-14.6 | mod_php4-servlet-4.3.10-14.6.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | php4-fastcgi | < 4.3.8-8.9 | php4-fastcgi-4.3.8-8.9.x86_64.rpm |
| openSUSE | 9.0 | i586 | mod_php4-aolserver | < 4.3.3-191 | mod_php4-aolserver-4.3.3-191.i586.rpm |
| openSUSE | 9.3 | x86_64 | php4-32bit | < 9.3-7.3 | php4-32bit-9.3-7.3.x86_64.rpm |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200507-07 (phpwebsite)
2008-09-24 00:00:00
Debian Security Advisory DSA 746-1 (phpgroupware)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200507-08 (phpgroupware egroupware)
2008-09-24 00:00:00
patchstack
patchstack
WordPress <= 1.3.0 - Eval Injection
2005-06-08 00:00:00
packetstorm
packetstorm
PHP XML-RPC Arbitrary Code Execution
2009-10-30 00:00:00
cvelist
cvelist
CVE-2005-1921
2005-07-01 04:00:00
CVE-2005-2498
2005-08-15 04:00:00
nessus
nessus
Serendipity XML-RPC for PHP Remote Code Injection
2005-07-01 00:00:00
Debian DSA-746-1 : phpgroupware - input validation error
2005-07-14 00:00:00
Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)
2006-01-15 00:00:00
gentoo
gentoo
phpWebSite: Multiple vulnerabilities
2005-07-10 00:00:00
TikiWiki: Arbitrary command execution through XML-RPC
2005-07-06 00:00:00
phpGroupWare, eGroupWare: PHP script injection vulnerability
2005-07-10 00:00:00
wpvulndb
wpvulndb
WordPress <= 1.5.1.2 - XMLRPC Eval Injection
2005-06-29 00:00:00
debian
debian
checkpoint_advisories
checkpoint_advisories
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
2015-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2005-1921
2005-07-05 00:00:00
CVE-2005-2498
2005-08-15 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
2005-07-07 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-06-30 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-07-01 00:00:00
nvd
nvd
slackware
slackware
PHP
2005-07-11 17:25:23
cve
cve
cert
cert
Multiple PHP XML-RPC implementations vulnerable to code injection
2005-07-06 00:00:00
exploitpack
exploitpack
PHPXMLRPC 1.1 - Remote Code Execution
2015-07-02 00:00:00
freebsd
freebsd
pear-XML_RPC -- arbitrary remote code execution
2005-06-29 00:00:00
drupal -- PHP code execution vulnerabilities
2005-06-29 00:00:00
postnuke -- multiple vulnerabilities
2005-05-27 00:00:00
ubuntu
ubuntu
PHP XMLRPC vulnerability
2005-07-05 00:00:00
exploitdb
exploitdb
PHPXMLRPC < 1.1 - Remote Code Execution
2015-07-02 00:00:00
centos
centos
php security update
2005-07-07 20:36:04
osv
osv
drupal - arbitrary command execution
2005-07-10 00:00:00
php4 - several
2005-08-29 00:00:00
redhat
redhat
(RHSA-2005:564) php security update
2005-07-07 00:00:00
suse
suse
remote code execution in php4, php5
2005-08-30 14:35:22
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50