XML-RPC for PHP Remote Code Injection Vulnerability

XML-RPC for PHP Remote Code Injection Vulnerability

References:

PHPXMLRPC Library Remote Code Execution (GulfTech Research)
Ampache Home Page (Ampache)
b2evolution Homepage (b2evolution)
BLOG:CMS Homepage (BLOG:CMS)
CLSA-2005:980 - php4 (Conectiva)
CRITICAL BUGFIX RELEASE: Serendipity 0.8.2 (S9Y)
Drupal 4.6.2 and 4.5.4 released (Drupal)
eGroupWare Homepage (eGroupWare)
Eventum 1.5.5 Released (MySQL AB)
Execution of arbitrary PHP code in phpMyFAQ version 1.4 and 1.5 (phpMyFAQ)
FreeMed 0.8.1.1 Released (FreeMed Software)
Linux.Plupii (Symantec)
MailWatch for MailScanner Home Page (MailWatch for MailScanner)
Nucleus CMS Homepage (Nucleus)
PEAR Home Page (PEAR)
PEAR XML_RPC Change Log (PEAR)
PHP 4 ChangeLog (PHP)
PHP-Wiki Homepage (PHP-Wiki)
phpAdsNew Homepage (phpAdsNew)
PHPGroupWare Homepage (PHPGroupWare)
phpPgAds Home Page (phpPgAds)
PostNuke Homepage (PostNuke Development Team)
ProManager Homepage (Promanager)
Remote Code Injection via xml rpc (PostNuke Development Team)
Remote Code Injection via xml rpc (third party library used in MD-Pro CMS) (MAXdev)
RHSA-2005:564-15 - php security update (RedHat)
Serendipity Homepage (S9Y)
Vendor Homepage (Seagull)
WordPress 1.5.1.3 Available (WordPress)
DRUPAL-SA-2005-003 - Drupal security advisory (Drupal)
Metasploit exploit for PHP XMLRPC (comsatcat )
PEAR XML_RPC Remote Code Execution Vulnerability (GulfTech Security Research )
PHPXMLRPC Remote Code Execution (GulfTech Security Research )
Three More Vulnerable to PHPXMLRPC code injection (GulfTech Security Research )

Privacy Statement
Copyright 2010, SecurityFocus