XML-RPC for PHP Remote Code Injection Vulnerability

Bugtraq ID: 14088
Class: Input Validation Error
CVE: CVE-2005-1921, CVE-2005-2116
Remote: Yes
Local: No
Published: Jun 29 2005 12:00AM
Updated: Mar 12 2007 10:34PM
Credit: Discovery is credited to James from GulfTech Security Research.
Vulnerable: Xoops Xoops 2.0.12
Xoops Xoops 2.0.11
Xoops Xoops 2.0.10
Xoops Xoops 2.0.9 .3
Xoops Xoops 2.0.9 .2
Xoops Xoops 2.0.5 .2
Xoops Xoops 2.0.5 .1
Xoops Xoops 2.0.5
Xoops Xoops 2.0.3
Xoops Xoops 2.0.2
Xoops Xoops 2.0.1
Xoops Xoops 2.0
XML-RPC for PHP XML-RPC for PHP 1.1
XML-RPC for PHP XML-RPC for PHP 1.0.99 .2
XML-RPC for PHP XML-RPC for PHP 1.0.99
XML-RPC for PHP XML-RPC for PHP 1.0 2
XML-RPC for PHP XML-RPC for PHP 1.0 1
XML-RPC for PHP XML-RPC for PHP 1.0
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
+ Gentoo Linux 1.4
+ Gentoo Linux
WordPress WordPress 0.71
WordPress WordPress 0.7
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
TikiWiki Project TikiWiki 1.8.4
TikiWiki Project TikiWiki 1.8.3
TikiWiki Project TikiWiki 1.8.2
TikiWiki Project TikiWiki 1.8.1
TikiWiki Project TikiWiki 1.8
TikiWiki Project TikiWiki 1.7.9
TikiWiki Project TikiWiki 1.7.8
TikiWiki Project TikiWiki 1.7.7
TikiWiki Project TikiWiki 1.7.6
TikiWiki Project TikiWiki 1.7.5
TikiWiki Project TikiWiki 1.7.4
TikiWiki Project TikiWiki 1.7.3
TikiWiki Project TikiWiki 1.7.2
TikiWiki Project TikiWiki 1.7.1 .1
TikiWiki Project TikiWiki 1.6.1
SuSE SUSE Linux Enterprise Server 8
SGI ProPack 3.0 SP6
Seagull PHP Framework Seagull PHP Framework 0.4.3
Seagull PHP Framework Seagull PHP Framework 0.4.2
Seagull PHP Framework Seagull PHP Framework 0.4.1
Seagull PHP Framework Seagull PHP Framework 0.4 dev3
Seagull PHP Framework Seagull PHP Framework 0.4 dev2
Seagull PHP Framework Seagull PHP Framework 0.4 dev1
Seagull PHP Framework Seagull PHP Framework 0.4
S9Y Serendipity 0.8.1
S9Y Serendipity 0.8 -beta6 Snapshot
S9Y Serendipity 0.8 -beta6
S9Y Serendipity 0.8 -beta5
S9Y Serendipity 0.8
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PostNuke Development Team PostNuke 0.76 RC4b
PostNuke Development Team PostNuke 0.76 RC4a
PostNuke Development Team PostNuke 0.76 RC4
PostNuke Development Team PostNuke 0.75
phpWebsite phpWebsite 0.10.1
phpWebsite phpWebsite 0.10
phpWebsite phpWebsite 0.9.3 -4
phpWebsite phpWebsite 0.9.3 -3
phpWebsite phpWebsite 0.9.3 -2
phpWebsite phpWebsite 0.9.3 -1
phpWebsite phpWebsite 0.9.3
phpPgAds phpPgAds 2.0.6
phpPgAds phpPgAds 2.0
phpMyFAQ phpMyFAQ 1.5 RC4
phpMyFAQ phpMyFAQ 1.5 RC3
phpMyFAQ phpMyFAQ 1.5 RC2
phpMyFAQ phpMyFAQ 1.5 RC1
phpMyFAQ phpMyFAQ 1.5 beta3
phpMyFAQ phpMyFAQ 1.5 beta2
phpMyFAQ phpMyFAQ 1.5 beta1
phpMyFAQ phpMyFAQ 1.5 alpha2
phpMyFAQ phpMyFAQ 1.5 alpha1
phpMyFAQ phpMyFAQ 1.4.8
phpMyFAQ phpMyFAQ 1.4.7
phpMyFAQ phpMyFAQ 1.4.6
phpMyFAQ phpMyFAQ 1.4.5
phpMyFAQ phpMyFAQ 1.4.4
phpMyFAQ phpMyFAQ 1.4.3
phpMyFAQ phpMyFAQ 1.4.2
phpMyFAQ phpMyFAQ 1.4.1
phpMyFAQ phpMyFAQ 1.4 a
phpMyFAQ phpMyFAQ 1.4 -alpha 2
phpMyFAQ phpMyFAQ 1.4 -alpha 1
phpMyFAQ phpMyFAQ 1.4
PHPGroupWare PHPGroupWare 0.9.16 RC3
PHPGroupWare PHPGroupWare 0.9.16 RC2
PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .006
PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
PHPGroupWare PHPGroupWare 0.9.16 .003
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
PHPGroupWare PHPGroupWare 0.9.14 .004
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .002
PHPGroupWare PHPGroupWare 0.9.14 .001
PHPGroupWare PHPGroupWare 0.9.14
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
phpAdsNew phpAdsNew 2.0.4 -pr2
phpAdsNew phpAdsNew 2.0.4 -pr1
phpAdsNew phpAdsNew 2.0 beta 6
phpAdsNew phpAdsNew 2.0 beta 5
phpAdsNew phpAdsNew 2 dev 30092001
phpAdsNew phpAdsNew 2 dev 09102001
PHP-Wiki PHP-Wiki 1.3.11 _rc3
PHP-Wiki PHP-Wiki 1.3.11 _rc2
PHP-Wiki PHP-Wiki 1.3.10
PHP-Wiki PHP-Wiki 1.3.9
PHP-Wiki PHP-Wiki 1.3.3
PHP-Wiki PHP-Wiki 1.3.2
PHP-Wiki PHP-Wiki 1.3.1
PHP-Wiki PHP-Wiki 1.2.2
PHP-Wiki PHP-Wiki 1.2.1
PHP-Wiki PHP-Wiki 1.2
PHP PHP 4.3.11
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PHP PHP 4.2.3
PHP PHP 4.2.2
PHP PHP 4.2.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
PHP PHP 4.1.1
PHP PHP 4.1 .0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
PHP PHP 4.0.4
PHP PHP 4.0.3 pl1
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
PEAR XML_RPC 1.3 RC3
PEAR XML_RPC 1.3 RC2
PEAR XML_RPC 1.3 RC1
PEAR XML_RPC 1.3
Nucleus CMS Nucleus CMS 3.2
Nucleus CMS Nucleus CMS 3.1
Nucleus CMS Nucleus CMS 3.0 RC
Nucleus CMS Nucleus CMS 3.0 1
Nucleus CMS Nucleus CMS 3.0
MySQL AB Eventum 1.5.4
MAXdev MD-Pro 1.0.72
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MailWatch for MailScanner MailWatch for MailScanner 1.0
MailWatch for MailScanner MailWatch for MailScanner 0.5.1
MailWatch for MailScanner MailWatch for MailScanner 0.5
MailWatch for MailScanner MailWatch for MailScanner 0.4
HP Tru64 5.1 B-3
HP Tru64 5.1 B-2 PK4
HP Tru64 5.1 A PK6
FreeMed Software FreeMed 0.8.1
FreeMed Software FreeMed 0.8 .0
eGroupWare eGroupWare 1.0.6
eGroupWare eGroupWare 1.0.3
eGroupWare eGroupWare 1.0.1
eGroupWare eGroupWare 1.0 .0.007
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Gentoo Linux
Drupal Drupal 4.6.1
Drupal Drupal 4.6
Drupal Drupal 4.5.3
Drupal Drupal 4.5.2
Drupal Drupal 4.5.1
Drupal Drupal 4.5
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0
CivicSpace Labs CivicSpace 0.8.1
CivicSpace Labs CivicSpace 0.8 .0.5
CivicSpace Labs CivicSpace 0.8 .0.4
CivicSpace Labs CivicSpace 0.8 .0.3
CivicSpace Labs CivicSpace 0.8 .0.2
CivicSpace Labs CivicSpace 0.7.2
BLOG:CMS BLOG:CMS 3.6.4
BLOG:CMS BLOG:CMS 3.6.2
b2evolution b2evolution 0.9 .0.12
b2evolution b2evolution 0.9 .0.11
b2evolution b2evolution 0.9 .0.10
b2evolution b2evolution 0.9 .0.09
b2evolution b2evolution 0.9 .0.08
b2evolution b2evolution 0.9 .0.05
b2evolution b2evolution 0.9 .0.03
b2evolution b2evolution 0.8.9
b2evolution b2evolution 0.8.7
b2evolution b2evolution 0.8.6 .2
b2evolution b2evolution 0.8.6 .1
b2evolution b2evolution 0.8.6
b2evolution b2evolution 0.8.2 .2
b2evolution b2evolution 0.8.2
Ampache Ampache 3.3.1
Ampache Ampache 3.3
Ampache Ampache 3.2.4
Ampache Ampache 3.2.3
Ampache Ampache 3.2.2
Ampache Ampache 3.2.1
Ampache Ampache 3.2
Not Vulnerable: Xoops Xoops 2.0.12 a
XML-RPC for PHP XML-RPC for PHP 1.1.1
WordPress WordPress 1.5.1 .3
TikiWiki Project TikiWiki 1.8.5
Seagull PHP Framework Seagull PHP Framework 0.4.4
S9Y Serendipity 0.8.2
phpPgAds phpPgAds 2.0.5
phpMyFAQ phpMyFAQ 1.5 RC5
phpMyFAQ phpMyFAQ 1.4.9
phpAdsNew phpAdsNew 2.0.6
PHP PHP 4.4 .0
PEAR XML_RPC 1.3.1
Nucleus CMS Nucleus CMS 3.21
MySQL AB Eventum 1.5.5
MAXdev MD-Pro 1.0.73
MailWatch for MailScanner MailWatch for MailScanner 1.0.1
FreeMed Software FreeMed 0.8.1 .1
Drupal Drupal 4.6.2
Drupal Drupal 4.5.4
b2evolution b2evolution 0.9.1
Ampache Ampache 3.3.1 .2


 

Copyright 2010, SecurityFocus