CVE-2017-12114

The CVE-2017-12114 entry affects cpp-ethereum’s JSON-RPC admin_peers API. Technical details from connected sources show an improper authorization flaw where admin_peers allows access to restricted functionality without credentials. The root cause is missing privilege checks in AdminNet::admin_pee...

CVE-2017-12112

The CVE-2017-12112 entry corresponds to an authorization bypass in cpp-ethereum’s JSON-RPC admin_addPeer API. Talos reports an improper authorization check in AdminNet::admin_addPeer that allows a remote attacker to trigger restricted functionality without credentials, with the call binding to 0....

CVE-2017-12114

An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVE-2017-12117

An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVE-2017-12117

CVE-2017-12117 affects cpp-ethereum’s JSON-RPC miner_start API. The root cause is improper authorization checks in the miner_start implementation, allowing a remote attacker to trigger restricted functionality without credentials. Affected component is the JSON-RPC server inside cpp-ethereum (com...

PT-2018-5353 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An improper authorization issue exists in the admin addPeer API endpoint of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in...

PT-2018-5360 · Ethereum · Cpp-Ethereum Json-Rpc

Name of the Vulnerable Software and Affected Versions: CPP-Ethereum JSON-RPC affected versions not specified Description: An exploitable unhandled exception issue exists in multiple APIs of CPP-Ethereum JSON-RPC, where specially crafted JSON requests can cause an unhandled exception, resulting in...

PT-2018-5357 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum affected versions not specified Description: An improper authorization issue exists in the miner setGasPrice API of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in authorizatio...

PT-2018-5354 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum affected versions not specified Description: An improper authorization issue exists in the admin nodeInfo API endpoint of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in...

(0Day) Quest NetVault Backup Server checksession Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical...

FreeBSD : transmission-daemon -- vulnerable to dns rebinding attacks (3e5b8bd3-0c32-452f-a60e-beab7b762351)

Google Project Zero reports : The transmission bittorrent client uses a client/server architecture, the user interface is the client which communicates to the worker daemon using JSON RPC requests. As with all HTTP RPC schemes like this, any website can send requests to the daemon listening on...

[SECURITY] Fedora 26 Update: python-jsonrpclib-0.3.1-1.fc26

This project is an implementation of the JSON-RPC v2.0 specification backwards-compatible as a client library, for Python 2.7 and Python 3. This version is a fork of jsonrpclib by Josh Marshall, usable with Pelix remote services...

CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability

CPP-Ethereum is a C++ client for Ethereum Application Programming Platform.JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the adminnodeInfo API for JSON-RPC in CPP-Ethereum commit version...

CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)

Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...

CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability(CVE-2017-12113)

Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability(CVE-2017-12117)

Summary An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)

Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability (CNVD-2018-02800)

CPP-Ethereum is a C++ client for Ethereum Application Programming Platform.JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the minerstop API for JSON-RPC in CPP-Ethereum commit version...

CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability(CVE-2017-12114)

Summary An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability(CVE-2017-12116)

Summary An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...