
1091 matches found

CNNVD
added 2022/12/18 12:0 a.m. | 1 views

XML-RPC.NET Code Issue Vulnerability

XML-RPC.NET is an open source library from PaperCut Software for implementing XML-RPC services and clients in . A security vulnerability exists in versions of XML-RPC.NET prior to 2.5.0 that originates from allowing an authenticated remote user to conduct a server-side request forgery (SSRF) attack...

CVSS 8.8 | AI score 8 | EPSS 0.01182
Exploits 1 | References 3

OpenVAS
added 2022/12/08 12:0 a.m. | 14 views

WordPress < 3.0.3 Access Restriction Bypass Vulnerability

WordPress is prone to an access restriction bypass vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 6.5 | AI score 6.6 | EPSS 0.00302
Exploits 1 | References 1

Positive Technologies
added 2022/11/18 12:0 a.m. | 1 views

PT-2022-27274 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture (LAVA) versions prior to 2022.11 Description: The issue allows users with valid credentials to submit crafted XMLRPC requests, causing a recursive XML entity expansion. This leads to excessive use of...

CVSS 6.5 | AI score 6.3 | EPSS 0.00362
Exploits 0 | References 16

OSV
added 2022/11/11 11:4 a.m. | 2 views

OESA-2022-2096 xmlrpc security update

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...

CVSS 9.8 | AI score 7.8 | EPSS 0.70524
Exploits 2 | References 2

RedHat Linux
added 2022/11/08 10:1 a.m. | 48 views

Moderate: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.8 | AI score 7 | EPSS 0.04193
Exploits 2 | References 9

OSV
added 2022/11/08 6:26 a.m. | 41 views

RLSA-2022:7692 Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document,...

CVSS 9.8 | AI score 8.7 | EPSS 0.04193
Exploits 2 | References 8

AlmaLinux
added 2022/11/08 12:0 a.m. | 46 views

Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document,...

CVSS 9.8 | AI score 9.3 | EPSS 0.04193
Exploits 2 | References 16

OSV
added 2022/11/08 12:0 a.m. | 41 views

ALSA-2022:7692 Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document,...

CVSS 9.8 | AI score 9.1 | EPSS 0.04193
Exploits 2 | References 16

OSV
added 2022/09/08 8:15 a.m. | 1 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

CVSS 9.8 | AI score 5.9 | EPSS 0.05225
Exploits 0 | References 2

Japan Vulnerability Notes
added 2022/09/02 6:49 a.m. | 2 views

PowerCMS XMLRPC API vulnerable to command injection

Overview: PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability (CWE-74). Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

CVSS 9.8 | AI score 7.6 | EPSS 0.05225
Exploits 0 | References 5

CNNVD
added 2022/09/02 12:0 a.m. | 1 views

Alfasado PowerCMS Operating System Command Injection Vulnerability

Alfasado PowerCMS is a content management system (CMS) from Alfasado Japan. An operating system command injection vulnerability exists in the Alfasado PowerCMS XMLRPC API, which stems from the inclusion of a command injection vulnerability, where sending a specially crafted message via the POST...

CVSS 9.8 | AI score 8.9 | EPSS 0.05225
Exploits 0 | References 4

Tenable Nessus
added 2022/09/01 12:0 a.m. | 29 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1021)

The version of AHV installed on the remote host is prior to 20201105.1021. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.1021 advisory. - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In...

CVSS 10 | AI score 7.7 | EPSS 0.93031
Exploits 17 | References 46

Metasploit
added 2022/08/29 6:2 p.m. | 373 views

Zoho Password Manager Pro XML-RPC Java Deserialization

This module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain RCE as the SYSTEM user. Module Options msf use...

CVSS 9.8 | AI score 9.5 | EPSS 0.94214
Exploits 5

OpenVAS
added 2022/08/26 12:0 a.m. | 43 views

Ubuntu: Security Advisory (USN-3902-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.8 | EPSS 0.25106
Exploits 4 | References 2

CNNVD
added 2022/08/24 12:0 a.m. | 1 views

Movable Type Code Injection Vulnerability

Six Apart Movable Type (MT) is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. A code injection vulnerability exists in Movable Type that originates from a specially crafted message that can be sent to the Movable Type XMLRPC...

CVSS 9.8 | AI score 6.3 | EPSS 0.05225
Exploits 0 | References 4

Rapid7 Blog
added 2022/08/05 6:50 p.m. | 479 views

Metasploit Weekly Wrap-Up

Log4Shell in MobileIron Core Thanks to jbaines-r7 we have yet another Log4Shell exploit. Similar to the other Log4Shell exploit modules, the exploit works by sending a JNDI string that once received by the server will be deserialized, resulting in unauthenticated remote code execution as the tomc...

CVSS 10 | AI score 10 | EPSS 0.94444
Exploits 372

0day.today
added 2022/08/04 12:0 a.m. | 591 views

Zoho Password Manager Pro XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...

CVSS 9.8 | AI score 9.7 | EPSS 0.94214
Exploits 5

Packet Storm
added 2022/08/03 12:0 a.m. | 404 views

Zoho Password Manager Pro XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zoho Password Manager Pro XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Zoho...

CVSS 9.8 | AI score 0.6 | EPSS 0.94214
Exploits 5

ATTACKERKB
added 2022/07/19 12:0 a.m. | 47 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication. Recent assessments: gwillcox-r7 at October 25, 2022 5:15pm UTC reported: This was...

CVSS 9.8 | AI score 9.8 | EPSS 0.94214
In wild | Exploits 5 | References 3

Hacker One
added 2022/06/29 6:31 p.m. | 21 views

U.S. Dept Of Defense: xmlrpc.php file enabled at ██████.org

The XML-RPC API on WordPress allowed third-party applications and services to interact with WordPress sites, but it opened up two types of attacks: XML-RPC pingbacks and brute force attacks. The xmlrpc.php file was enabled on ██████.org, making it vulnerable to these attacks. Disabling or removin...

AI score 7
Exploits 0