290 matches found
CVE-2023-36177
CVE-2023-36177 affects badaix Snapcast 0.27.0, where the Snapcast JSON-RPC API allows remote code execution and data leakage. Multiple connected advisories confirm vendor fixes: Debian bookworm patches Snapcast to 0.26.0+dfsg1-1+deb12u1 (DSA-5847-1); Debian bullseye patches to 0.23.0+dfsg1-1+deb1...
CVE-2023-36177
An issue discovered in badaix Snapcast version 0.27.0 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted request in the JSON-RPC API...
PT-2024-12548 · Badaix +1 · Snapcast +1
Name of the Vulnerable Software and Affected Versions: snapcast versions prior to 0.23.0+dfsg1-1+deb11u1; snapcast versions prior to 0.26.0+dfsg1-1+deb12u1; snapcast version 0.27.0. Description: An RCE vulnerability exists in snapcast, a multi-room client-server audio player. Remote attackers can...
CVE-2023-43118
Cross-Site Request Forgery (CSRF) vulnerability in the Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5, allows attackers to run arbitrary code and cause other unspecified impacts via the /jsonrpc API...
Extreme Networks Switch Engine Cross-Site Request Forgery Vulnerability
Extreme Networks Switch Engine (EXOS) is a switch engine from Extreme Networks, Inc. A security vulnerability exists in Extreme Networks Switch Engine versions prior to 32.5.1.5, which stems from a cross-site request forgery (CSRF) vulnerability in the Chalet application. An attacker could exploit th...
PT-2023-4340 · Adtran · Adtran Sr400Ac
Name of the Vulnerable Software and Affected Versions: Adtran SR400ac (affected versions not specified). Description: The issue is related to the lack of input validation in the SmartOS WiFi router Adtran SR400ac, allowing remote attackers to execute arbitrary code in the context of the root user. T...
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, whi...
Quest NetVault Backup NVBUJobCountHistory SQL Injection (CVE-2017-17420)
An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUJobCountHistory class. A remote unauthenticated attacker could explo...
Malicious code in json-rpc-adapter (npm)
Source: ghsa-malware (f4fdeb0a41688e0145066a567cbaa4beda509d5d3f9f84b13e7dcff7e289fd11). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4072 Malicious code in json-rpc-adapter (npm)
Source: ghsa-malware (f4fdeb0a41688e0145066a567cbaa4beda509d5d3f9f84b13e7dcff7e289fd11). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1585 Malicious code in bitcoin-json-rpc-adapter (npm)
Source: ghsa-malware (6343f2f77d5f772e6b17c00fed2653e9c0c887f0e0ae1fda00de4b0cde9f8ca5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-25041
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
Privilege escalation
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
CVE-2018-25041 uTorrent JSON RPC Server privileges management
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
CVE-2018-25041
A vulnerability in uTorrent’s JSON RPC Server allows remote privilege escalation. The issue affects an unspecified functionality of the JSON RPC Server; exploit has been disclosed publicly. Upgrading the affected component is recommended as the remediation; exact patched version is not specified ...
CVE-2018-25041 uTorrent JSON RPC Server privileges management
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...
Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...
Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...
Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...