
1091 matches found

OSV
added 2020/07/15 4:15 p.m., 24 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

6.1 CVSS, 6.3 AI score
Exploits 0, References 10
Prion
added 2020/07/15 4:15 p.m., 20 views

Cross site scripting

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

4.3 CVSS, 6 AI score, 0.93765 EPSS
Exploits 16, References 10, Affected Software 1
Cvelist
added 2020/07/15 3:39 p.m., 30 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

6.1 AI score, 0.93765 EPSS
Exploits 16, References 10
CVE
added 2020/07/15 3:39 p.m., 178 views

CVE-2020-9496

CVE-2020-9496 affects Apache OFBiz 17.12.x. The vulnerability stems from unsafe deserialization in the XML-RPC endpoint (/webtools/control/xmlrpc), enabling cross-site scripting and remote code execution via crafted XML-RPC requests. Affected version shown in sources includes 17.12.01 (and later ...

6.1 CVSS, 6.1 AI score, 0.93765 EPSS
Exploits 16, References 10, Affected Software 1
ATTACKERKB
added 2020/07/15 12:0 a.m., 125 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 Recent assessments: wvu-r7 at August 13, 2020 8:00pm UTC reported: Pre-auth RCE in ERP software that’s free and isn’t SAP? Sweet. And it’s a long-standing Apache project that’s often...

9.8 CVSS, 7.5 AI score, 0.94237 EPSS
Exploits 23, References 11
Github Security Blog
added 2020/06/10 8:2 p.m., 72 views

Insecure Deserialization in Apache XML-RPC

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8 CVSS, 4.6 AI score, 0.70524 EPSS
Exploits 2, References 15, Affected Software 1
OSV
added 2020/06/10 8:2 p.m., 59 views

GHSA-6VWP-35W3-XPH8 Insecure Deserialization in Apache XML-RPC

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8 CVSS, 9.5 AI score, 0.70524 EPSS
Exploits 2, References 14
IBM Security Bulletins
added 2020/05/06 11:57 a.m., 52 views

Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System

Summary Multiple vulnerabilities have been identified in python 2.6.4 used in OS Image for AIX Systems and OS Image for RedHat Enterprise Linux Systems shipped with IBM Cloud Pak System. OS Image for AIX for IBM Cloud Pak System has addressed vulnerabilities. OS Image for RedHat Enterprise Linux...

7.5 CVSS, 0.7 AI score, 0.33997 EPSS
Exploits 24, Affected Software 1
OpenVAS
added 2020/04/30 12:0 a.m., 281 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2020-1532)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 8.1 AI score, 0.05263 EPSS
Exploits 2, References 2
RedHat Linux
added 2020/04/28 4:6 p.m., 1 views

python: XSS vulnerability in the documentation XML-RPC server in server_title field

A reflected cross-site scripting (XSS) vulnerability was found in Python XML-RPC server. The server_title field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

6.1 CVSS, 6.9 AI score, 0.02456 EPSS
Exploits 1, References 4
Veracode
added 2020/04/10 12:56 a.m., 23 views

Authorization Bypass

spacewalk-config is vulnerable to authorization bypass. The vulnerability exists as RHN Satellite incorrectly exposed an obsolete XML-RPC API for configuring package group comps.xml files for channels. An authenticated user could use this flaw to gain access to arbitrary files accessible to the R...

5.5 CVSS, 2.7 AI score, 0.00958 EPSS
Exploits 1, References 9, Affected Software 2
Veracode
added 2020/04/10 12:53 a.m., 35 views

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS). The vulnerability exists as a NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request...

5 CVSS, 2.1 AI score, 0.07996 EPSS
Exploits 2, References 17, Affected Software 1
Veracode
added 2020/04/10 12:33 a.m., 22 views

Information Disclosure

modperl is vulnerable to information disclosure. It was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this...

9.1 CVSS, 0.9 AI score, 0.00616 EPSS
Exploits 1, References 7, Affected Software 1
Veracode
added 2020/04/10 12:17 a.m., 36 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affec...

7.5 CVSS, 3 AI score, 0.07218 EPSS
Exploits 0, References 32, Affected Software 1
OpenVAS
added 2020/04/07 12:0 a.m., 30 views

Fedora: Security Advisory for xmlrpc (FEDORA-2020-1d0635bd71)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 9.6 AI score, 0.70524 EPSS
Exploits 2, References 2
Fedora
added 2020/04/06 12:19 a.m., 34 views

[SECURITY] Fedora 32 Update: xmlrpc-3.1.3-24.fc32

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls...

9.8 CVSS, 0.6 AI score, 0.70524 EPSS
Exploits 2
RedHat Linux
added 2020/03/26 3:46 p.m., 0 views

xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response

A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrar...

9.8 CVSS, 6.2 AI score, 0.70524 EPSS
Exploits 2, References 5
Exploit DB
added 2020/03/11 12:0 a.m., 24 views

TeamCity Agent XML-RPC 10.0 - Remote Code Execution

Exploit Title: TeamCity Agent XML-RPC 10.0 - Remote Code Execution Date: 2020-03-20 Exploit Author: Dylan Pindur Vendor Homepage: https://www.jetbrains.com/teamcity/ Version: TeamCity buildAgent.runBuild 123456 x ONAGENT x system.build.number 0 myVcsRootCurrentRev...

7.4 AI score
Exploits 0
Check Point Advisories
added 2020/03/11 12:0 a.m., 4 views

Apache XML-RPC Insecure Deserialization (CVE-2019-17570)

An insecure deserialization vulnerability exists in Apache XML-RPC. The vulnerability is due to deserialization of untrusted data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS, 5.8 AI score, 0.70524 EPSS
Exploits 2
IBM Security Bulletins
added 2020/02/28 5:1 p.m., 43 views

Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-16935)

Summary Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Python within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that...

6.1 CVSS, 0.8 AI score, 0.02456 EPSS
Exploits 1, Affected Software 1