
290 matches found

Talos
added 2018/01/09 12:0 a.m. | 31 views

CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

8.1 CVSS | 7.5 AI score | 0.00608 EPSS
Exploits: 2
Talos
added 2018/01/09 12:0 a.m. | 70 views

CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities

Summary: An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum’s JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions: Ethereum...

7.5 CVSS | 7.4 AI score | 0.0055 EPSS
Exploits: 2
Talos
added 2018/01/09 12:0 a.m. | 105 views

Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability

Summary: An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this...

7.5 CVSS | 7.5 AI score | 0.00493 EPSS
Exploits: 1
Talos
added 2018/01/09 12:0 a.m. | 50 views

CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

8.1 CVSS | 6.2 AI score | 0.00613 EPSS
Exploits: 2
Talos
added 2018/01/09 12:0 a.m. | 40 views

CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

6.8 CVSS | 5.6 AI score | 0.00253 EPSS
Exploits: 2
Talos
added 2018/01/09 12:0 a.m. | 38 views

CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability

Summary: An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON t...

8.1 CVSS | 7.5 AI score | 0.00558 EPSS
Exploits: 2
FreeBSD
added 2017/11/30 12:0 a.m. | 22 views

transmission-daemon -- vulnerable to dns rebinding attacks

Google Project Zero reports: The transmission bittorrent client uses a client/server architecture, the user interface is the client which communicates to the worker daemon using JSON RPC requests. As with all HTTP RPC schemes like this, any website can send requests to the daemon listening on...

6.9 AI score
Exploits: 0 | References: 2
Packet Storm
added 2016/06/27 12:0 a.m. | 28 views

Untangle NGFW 12.1.0 Beta execEvil() Command Injection

!/usr/bin/python Title: Untangle NGFW " print "! and in a separat...

0.4 AI score
Exploits: 0
Exploit DB
added 2016/06/13 12:0 a.m. | 95 views

Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3 Tested on: Linux Debian, CentOS CVE : N/A import...

7.4 AI score
Exploits: 0
0day.today
added 2016/06/13 12:0 a.m. | 24 views

Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution

Exploit for php platform in category web applications !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/06/13 12:0 a.m. | 30 views

Zabbix 3.0.3 Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3 Tested on: Linux Debian, CentOS CVE : N/A import...

0.1 AI score
Exploits: 0
exploitpack
added 2016/06/13 12:0 a.m. | 59 views

Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution

Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3...

0.1 AI score
Exploits: 0
Packet Storm
added 2015/03/08 12:0 a.m. | 22 views

Untangle NGFW 9 / 10 / 11 XSS / Code Execution

Multiple issues have been discovered in the Untangle NGFW virtual appliance. The vendor was unresponsive and uncooperative to the researcher. - Persistent XSS leading to root. Authentication required. Confirmed in versions 9 and 11 up to rev r39357. Throughout the Untangle user interface there are...

0.1 AI score
Exploits: 0
securityvulns
added 2015/01/14 12:0 a.m. | 29 views

SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi

SEC Consult Vulnerability Lab Security Advisory 20150113-2 ======================================================================= title: Cross-Site Request Forgery product: Kodi/XBMC vulnerable version: XBMC/Kodi =14 fixed version: no fixed version available impact: medium homepage:...

0.5 AI score
Exploits: 0
Atlassian
added 2014/03/17 2:18 a.m. | 24 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2014/03/17 2:18 a.m. | 27 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2014/03/17 2:18 a.m. | 17 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8 AI score
Exploits: 0
Tenable Nessus
added 2013/12/06 12:0 a.m. | 13 views

Bitcoin Client Detection (JSON/RPC)

Binary data 8066.prm...

7.3 AI score
Exploits: 0 | References: 1
Atlassian
added 2013/06/24 5:18 p.m. | 20 views

JSON-RPC API functions available anonymously even though anonymous API access is disabled.

The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled check box not checked in admin control panel. This is an issue when it comes to confluence sites that have sensitive user or group information...

0.7 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2013/06/24 5:18 p.m. | 21 views

JSON-RPC API functions available anonymously even though anonymous API access is disabled.

The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled check box not checked in admin control panel. This is an issue when it comes to confluence sites that have sensitive user or group information...

0.7 AI score
Exploits: 0 | Affected Software: 1