Rapid7 Vulnerability & Exploit Database

SUSE-SR:2005:018:vuln6: ampache vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2005:018:vuln6: ampache vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

07/28/2005

Created

07/25/2018

Added

12/13/2005

Modified

11/18/2015

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-1921
14088
CVE - 2005-1921
DSA-745
DSA-746
DSA-747
DSA-789
MDKSA-2005:109
OVAL11294
OVAL350
RHSA-2005:564
SUSE-SA:2005:041
SUSE-SA:2005:049
SUSE-SA:2005:051
http://marc.theaimsgroup.com/?l=bugtraq&m=112008638320145&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=112015336720867&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:350
http://pear.php.net/package/XML_RPC/download/1.3.1
http://sourceforge.net/project/showfiles.php?group_id=87163
http://sourceforge.net/project/shownotes.php?release_id=338803
http://www.ampache.org/announce/3_3_1_2.php
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
http://www.frsirt.com/english/advisories/2005/2827
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;