85 matches found
SUSE CVE-2015-0284
Cross-site scripting XSS vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...
DataX-Web 代码问题漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developers. A security vulnerability exists in DataX-Web v1.0.0 and v2.0.0 to v2.1.2, which stems from the fact that its RPC interface does not perform privilege checking by default, allowing an...
Information disclosure
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...
PT-2022-14745 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible permission bypass in strings.xml due to a misleading string, which could lead to remote information disclosure of call logs without requiring additional execution...
Movable Type XMLRPC API vulnerable to command injection
Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According...
JetBrains TeamCity 授权问题漏洞
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call
A flaw was found in Grafana. The snapshot feature allows unauthenticated remote attackers to trigger a denial of service DoS via a remote API call if anonymous access is enabled. The highest threat from this vulnerability is to system availability...
Sierra Wireless ALEOS Code Execution Vulnerability
Sierra Wireless ALEOS AAF is Sierra Wireless Canada's framework for creating applications in Sierra Wireless AirLink gateways. ALEOS versions 4.4.9, 4.9.5, and prior to 4.14.0 have a security vulnerability that originates from an unauthenticated RPC server allowing remote code execution. No...
CVE-2020-16167
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...
CVE-2020-1113
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'...
CloudBees Jenkins Call Remote Job Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Call Remote Job Plugin is used in one of the...
The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
DEBIAN-CVE-2018-19653
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verifyoutgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade...
Magiczoomplus for Joomla, 3.3.4, Insecure Folder Permissions
Magiczoomplus for Joomla, versions 3.3.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: update to 3.3.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...
"Two Stage" BMW Theft Attempt
Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disable...
CVE-2018-2439
The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation for example, where the request is validated for authenticity and validity and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...
VulnCheck KEV: CVE-2017-3623
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel RPC. For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the...
Empire Download System V2.5 JS Remote Call Vulnerability
Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. Empire Download System V2.5 version of the JS call function has a remote call vulnerability. Allow attackers to exploit the vulnerability is exploite...
. NET Remoting remote code execution vulnerability explore-exploit warning-the black bar safety net
This is an article on . NET Remoting the security of the Coptic text, in the article will use a simple RCE exploit and provide the right case will be described. This paper mainly has the following content: 1. The . NET Remoting technology made a brief introduction 2. Use VS 编写 一 个 简单 的 .NET...
The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.
The vulnerability of the SharedObject object implementation in Flash Player and Adobe Integrated Runtime is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by causing “type mismatches” during the getRemote call...