LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

php: arbitrary code execution

Package(s):php CVE #(s):CAN-2005-2498
Created:August 19, 2005 Updated:October 4, 2005
Description: A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user.
Alerts:
Debian DSA-842-1 2005-10-04
Debian DSA-840-1 2005-10-04
Gentoo 200509-19 2005-09-27
Debian-Testing DTSA-15-1 2005-09-13
Slackware SSA:2005-251-04 2005-09-09
Debian DSA-798-1 2005-09-02
Slackware SSA:2005-242-02 2005-08-31
Gentoo 200508-21 2005-08-31
Gentoo 200508-20 2005-08-30
Debian DSA-789-1 2005-08-29
Gentoo 200508-18 2005-08-26
Fedora FEDORA-2005-810 2005-08-25
Fedora FEDORA-2005-809 2005-08-25
Gentoo 200508-14 2005-08-24
Gentoo 200508-13 2005-08-24
Mandriva MDKSA-2005:146 2005-08-22
Ubuntu USN-171-1 2005-08-20
Red Hat RHSA-2005:748-01 2005-08-19
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds