1091 matches found
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496: XML-RPC requests are vulnerable to unsafe deseria...
PT-2021-3114 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.17; Moodle versions 3.8 to 3.8.8; Moodle versions 3.9 to 3.9.6; Moodle versions 3.10 to 3.10.3. Description: An SQL injection risk exists on sites with MNet enabled and configured, via an XML-RPC call from the connected...
VulnCheck KEV: CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
Sifchain: xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service
Hi Team: I am Abbas Heybati; Summary: After reviewing the given scope, I realized that the main domain "http://sifchain.finance" has several vulnerabilities that I will report to you as a scenario. I realize that I have reported to you outside of scope. The report is related to the mentioned...
Apache OFBiz XML-RPC Java Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...
Apache OFBiz XML-RPC Java Deserialization
This module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.01 using the ROME gadget chain. Versions up to 18.12.11 are exploitable utilizing an auth bypass CVE-2023-51467 and use the...
Apache OFBiz XML-RPC Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...
NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2021-0059)
The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by multiple vulnerabilities: - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to...
CentOS 7 : python (RHSA-2020:3911)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3911 advisory. - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in...
RHEL 7 : python (RHSA-2020:3911)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3911 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
WordPress 5.2.x < 5.2.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
WordPress 4.1.x < 4.1.32 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
WordPress 4.6.x < 4.6.20 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
Moderate: python3 security and bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Privilege Escalation
WordPress is vulnerable to privilege escalation. The XML-RPC is insecure and allows a user to gain privileges and unauthorized access to confidential resources...
Privilege Escalation
WordPress is vulnerable to privilege escalation. Using XML-RPC allows an unprivileged user to comment on a post, as wp-includes/class-wp-xmlrpc-server.php does not enforce the permission to restrict it...
FreeBSD : wordpress -- multiple issues (11325357-1d3c-11eb-ab74-4c72b94353b5)
WordPress developers report: Ten security issues affect WordPress versions 5.5.1 and earlier. If you haven't yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues: - Props to Alex Concha of the WordPress Security Team for their work in...
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post...
CVE-2020-28035
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...