|
|
Log in / Subscribe / Register

php: arbitrary code execution

Package(s):php CVE #(s):CAN-2005-2498
Created:August 19, 2005 Updated:October 4, 2005
Description: A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user.
Alerts:
Debian DSA-842-1 egroupware 2005-10-04
Debian DSA-840-1 drupal 2005-10-04
Gentoo 200509-19 php 2005-09-27
Debian-Testing DTSA-15-1 php4 2005-09-13
Slackware SSA:2005-251-04 php5 2005-09-09
Debian DSA-798-1 phpgroupware 2005-09-02
Slackware SSA:2005-242-02 PHP 2005-08-31
Gentoo 200508-21 phpwebsite 2005-08-31
Gentoo 200508-20 phpgroupware 2005-08-30
Debian DSA-789-1 php4 2005-08-29
Gentoo 200508-18 phpwiki 2005-08-26
Fedora FEDORA-2005-810 php 2005-08-25
Fedora FEDORA-2005-809 php 2005-08-25
Gentoo 200508-14 tikiwiki 2005-08-24
Gentoo 200508-13 PEAR-XML_RPC 2005-08-24
Mandriva MDKSA-2005:146 php-pear 2005-08-22
Ubuntu USN-171-1 php4 2005-08-20
Red Hat RHSA-2005:748-01 PHP 2005-08-19
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds