PT-2018-5353 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An improper authorization issue exists in the admin addPeer API endpoint of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in...

PT-2018-5360 · Ethereum · Cpp-Ethereum Json-Rpc

Name of the Vulnerable Software and Affected Versions: CPP-Ethereum JSON-RPC affected versions not specified Description: An exploitable unhandled exception issue exists in multiple APIs of CPP-Ethereum JSON-RPC, where specially crafted JSON requests can cause an unhandled exception, resulting in...

PT-2018-5354 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum affected versions not specified Description: An improper authorization issue exists in the admin nodeInfo API endpoint of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in...

PT-2018-5357 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum affected versions not specified Description: An improper authorization issue exists in the miner setGasPrice API of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in authorizatio...

(0Day) Quest NetVault Backup Server checksession Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical...

FreeBSD : transmission-daemon -- vulnerable to dns rebinding attacks (3e5b8bd3-0c32-452f-a60e-beab7b762351)

Google Project Zero reports : The transmission bittorrent client uses a client/server architecture, the user interface is the client which communicates to the worker daemon using JSON RPC requests. As with all HTTP RPC schemes like this, any website can send requests to the daemon listening on...

[SECURITY] Fedora 26 Update: python-jsonrpclib-0.3.1-1.fc26

This project is an implementation of the JSON-RPC v2.0 specification backwards-compatible as a client library, for Python 2.7 and Python 3. This version is a fork of jsonrpclib by Josh Marshall, usable with Pelix remote services...

CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability

CPP-Ethereum is a C++ client for Ethereum Application Programming Platform.JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the adminnodeInfo API for JSON-RPC in CPP-Ethereum commit version...

CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)

Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...

CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability(CVE-2017-12113)

Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability(CVE-2017-12117)

Summary An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

CPP-Ethereum JSON-RPC Incorrect Authorization Vulnerability (CNVD-2018-02800)

CPP-Ethereum is a C++ client for Ethereum Application Programming Platform.JSON-RPC is one of the remote invocation services using JSON as the protocol. An incorrect authorization vulnerability exists in the minerstop API for JSON-RPC in CPP-Ethereum commit version...

CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability(CVE-2017-12114)

Summary An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)

Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability(CVE-2017-12116)

Summary An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability(CVE-2017-12115)

Summary An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON t...

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability(CVE-2017-12118)

Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Vulnerabilities discovered by Marcin Noga of Cisco Talos. Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. TALOS-2017-0503 / CVE-2017-14457 describes a denial of service vulnerability and potential memory leak in libevm. The functio...

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability

Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...

CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability

Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...