Razer Sila 2.0.418 Command Injection

Exploit Title: Razer Sila - Command Injection Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

Monero: monerod JSON RPC server remote DoS

Monero daemon monerod does not limit Content-length variable when processing incoming HTTP requests. We can force monerod to allocate arbitrary amount of memory. How to reproduce: 1 compile monero https://github.com/monero-project/monero 2 run it: $ ulimit -Sv 1000000000 $ ./bin/monerod --rpc-log...

(Pwn2Own) Cisco RV340 JSON RPC file-copy Command Injection Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

What is JSON-RPC ❓ Definition, Work, Comparison

Just like everything else, the world of API protocols is evolving. Typical SOAP and REST APIs have many companies like GraphQL, gRPC, and Thrift. JSON-RPC is also on the list. Created to develop feature-rich and quick websites, it is developers’ best buddy. Let us see what it is and how it benefi...

OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the for...

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI vCenter API service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

Information disclosure

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22008

CVE-2021-22008 is an information-disclosure flaw in VMware vCenter Server’s VAPI service. With network access to port 443, an attacker can send a crafted json-rpc message to access sensitive data. Public references (NVD/Red Hat/CNVD) describe the vulnerability similarly and cite VMware’s VMSA-202...

CVE-2021-28495

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...

CVE-2021-28495

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...

Authentication flaw

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...

CVE-2021-28495

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...

CVE-2021-28495

CVE-2021-28495 affects Arista MOS (Metamako Operating System) on the 7130 line. The vulnerability allows bypass of user authentication when API access is enabled via JSON-RPC APIs under certain conditions, with MOS trains MOS-0.1x (0.13 and later in that train) and MOS-0.2x MOS-0.31.1 and earlier...

Security Advisory 0066

Security Advisory 0066 . CSAF PDF Date: August 20th, 2021 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | August 20th, 2021 | Initial Release The CVE-ID tracking this issue: CVE-2021-28495 CVSSv3.1 Base Score: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L Description This advisory...

Input validation

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...

CVE-2021-26605 unidocs ezPDFReader arbitrary command execution vulnerability

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...

CVE-2021-26605

CVE-2021-26605 is a real, concrete vulnerability in ezPDFReader where the ezPDF launcher processes crafted input over JSON-RPC, allowing remote code execution due to improper input validation. The issue enables an attacker to run arbitrary commands on affected systems. Public sources confirm the ...