Insecure Deserialization in Apache XML-RPC
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target an XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...
Amazon Linux AMI : python27, python35, python36 (ALAS-2020-1342)
The version of python27 installed on the remote host is prior to 2.7.16-1.131. The version of python35 installed on the remote host is prior to 3.5.7-1.25. The version of python36 installed on the remote host is prior to 3.6.10-1.16. It is, therefore, affected by a vulnerability as referenced in...
CVE-2019-17570
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target an XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1044)
The remote host is missing an update for the Huawei EulerOS...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2020-0002)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
EulerOS Virtualization for ARM 64 3.0.5.0 : python3 (EulerOS-SA-2020-1048)
According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Th...
EulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)
According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Th...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Vulnerability (NS-SA-2019-0260)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by a vulnerability: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly pars...
Ubuntu: Security Advisory (USN-4151-1)
The remote host is missing an update for the...
USN-4151-1 python2.7, python3.5, python3.6, python3.7 vulnerabilities
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly...
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...
Input validation
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary...
Cross site request forgery (csrf)
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
PYSEC-2017-41
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
Debian: Security Advisory (DSA-3942-1)
The remote host is missing an update for the Debian...
PT-2017-2784 · Supervisor +1 · Supervisor +1
Name of the Vulnerable Software and Affected Versions: Supervisor versions prior to 3.0.1; Supervisor versions 3.1.x prior to 3.1.4; Supervisor versions 3.2.x prior to 3.2.4; Supervisor versions 3.3.x prior to 3.3.3. Description: The XML-RPC server in Supervisor allows remote authenticated users to...
FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)
Drupal Security Team reports: File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical); Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical); Open redirect via path manipulation (Base system - Drupal 6, 7...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical): A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...