65 matches found
PHP 资源管理错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability occurred when the SoapServer was configured as SOAPPERSISTENTSESSION. In such cases, the processing...
PT-2026-39448
Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description When SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted...
EUVD-2011-4426
Malware in sbrugna...
EUVD-2021-8874
Malicious code in bioql PyPI...
CVE-2011-4500
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests...
CVE-2023-27368
NETGEAR RAX30 soapserverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific...
CLSA-2024-1706700142 php: Fix of 8 CVEs
CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response - CVE-2021-21703: Fix error in php fpm shared memory organization leading to privilage escalation - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE - CVE-2022-31626: Fix buffer overflow in mysqlnd...
CVE-2023-48166
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise o...
Directory traversal
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise o...
CVE-2023-48166
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise o...
Atos Unify OpenScape Security Vulnerability
Atos Unify OpenScape is a native SIP-based real-time Voice over IP system from Atos Unify. A security vulnerability exists in Atos Unify OpenScape Voice V10 versions prior to V10R3.26.1, which stems from a directory traversal vulnerability in the SOAP server that allows an attacker to view the...
CVE-2023-48166
CVE-2023-48166 affects Atos Unify OpenScape Voice V10 before V10R3.26.1, where a directory traversal in the SOAP Server can let an unauthenticated remote attacker view arbitrary files in the local file system. This could enable sensitive data exposure and potential system compromise as described ...
PT-2024-13551 · Atos · Atos Unify Openscape Voice
Name of the Vulnerable Software and Affected Versions: Atos Unify OpenScape Voice versions prior to V10R3.26.1 Description: A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice allows a remote attacker to view the contents of arbitrary files in the local...
Citrix PVS soap server service does not start and crashes after installing Microsoft January 2022 Updates (E.g. KB5008877 or KB5009546)
Since installing Microsoft January 2022 Updates like KB5009546 or KB5008877 the Citrix PVS soap server service doesn't start anymore. When trying to start this service it crashes right away. While this happens the Citrix PVS API service also stops working. Soapserver.exe crashes Event 1000 .net...
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5006-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5006-2 advisory. USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise
Summary IBM Tivoli Monitoring is shipped as a component of IBM Cloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM Tivoli Monitoring has been published in the security bulletins below. Vulnerability Details Consult the following security bulletins for IBM Tivol...
Security Bulletin: IBM Tivoli Monitoring Soap Server (CVE-2016-6083)
Summary The default configuration for IBM Tivoli Monitoring soap interface allows unathenticated users access to soap requests. Vulnerability Details CVEID: CVE-2016-6083 DESCRIPTION: IBM Tivoli Monitoring could disclose could allow an unauthenticated user to access SOAP queries that could contai...
"XenDesktop Site is not reachable, check that the Citrix PVS Soap Server service user has XenDesktop permissions and network connectivity" While Promoting vDisk Version
The following error appears while trying to promote an updated version of a vDisk: "XenDesktop Site f0a65a14-f50b-403a-ba3b-77700c7829b7 is not reachable, check that the Citrix PVS Soap Server service user has XenDesktop permissions and network connectivity." The PVS Soap Server service runs as...
Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Adobe...