[Secure-testing-commits] r1592 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Aug 16 07:59:53 UTC 2005


Author: jmm-guest
Date: 2005-08-16 07:59:50 +0000 (Tue, 16 Aug 2005)
New Revision: 1592

Modified:
   data/CAN/list
Log:
embedded-code-copies has already proven useful; another
XMLRPC vulnerability.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-15 21:14:16 UTC (rev 1591)
+++ data/CAN/list	2005-08-16 07:59:50 UTC (rev 1592)
@@ -105,8 +105,13 @@
 	- linux-2.6 2.6.12-1 (medium)
 CAN-2005-2499
 	NOTE: reserved
-CAN-2005-2498
+CAN-2005-2498 [XMLRPC: Inproper handling of nested tags allows arbitrary code execution]
 	NOTE: reserved
+	- drupal (unfixed; bug filed; high)
+	- phpgroupware (unfixed; bug filed; high)
+	- egroupware (unfixe; bug filed; high)
+	TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
+	TODO: check php4 and php5 (I guess both are affected)
 CAN-2005-2497
 	NOTE: reserved
 CAN-2005-2496
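Review bot: the added egroupware line reads "(unfixe; bug filed; high)" while the drupal and phpgroupware lines directly above it use "unfixed", so anything that matches on the status keyword will treat this entry differently from its neighbours; it should read "- egroupware (unfixed; bug filed; high)". In the same hunk the new description on the CAN-2005-2498 line has "Inproper" for "Improper", and the phpwiki TODO is missing a verb ("it orphaned as well" should be "it is orphaned as well"). All three package entries say "bug filed" without giving a bug number; adding the numbers would let a reader trace each entry to its report. The existing "NOTE: reserved" line is kept under an entry that now has a description and affected packages, so it is worth confirming that both are meant to stay.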



