Author: jmm-guest Date: 2005-08-16 07:59:50 +0000 (Tue, 16 Aug 2005) New Revision: 1592 Modified: data/CAN/list Log: embedded-code-copies has already proven useful; another XMLRPC vulnerability. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-15 21:14:16 UTC (rev 1591) +++ data/CAN/list 2005-08-16 07:59:50 UTC (rev 1592) @@ -105,8 +105,13 @@ - linux-2.6 2.6.12-1 (medium) CAN-2005-2499 NOTE: reserved -CAN-2005-2498 +CAN-2005-2498 [XMLRPC: Inproper handling of nested tags allows arbitrary code execution] NOTE: reserved + - drupal (unfixed; bug filed; high) + - phpgroupware (unfixed; bug filed; high) + - egroupware (unfixe; bug filed; high) + TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway + TODO: check php4 and php5 (I guess both are affected) CAN-2005-2497 NOTE: reserved CAN-2005-2496