CVE-2019-14258

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988...

CVE-2019-14258

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988...

Information disclosure

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988...

CVE-2019-14258

CVE-2019-14258 affects Zenoss 2.5.3 via the XML-RPC subsystem, where an XXE flaw in XML processing allows unauthenticated information disclosure on port 9988. Root cause is XXE in the XML handling of the XML-RPC subsystem. The impact is unauthenticated disclosure; no exploitation status or practi...

CVE-2019-14258

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988...

NewStart CGSL MAIN 4.05 : xmlrpc3 Vulnerability (NS-SA-2019-0136)

The remote NewStart CGSL host, running version MAIN 4.05, has xmlrpc3 packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use...

Fedora 29 : php (2019-f07db8f031)

PHP version 7.2.21 01 Aug 2019 Date: - Fixed bug php69044 discrepency between time and microtime. krakjoe EXIF: - Fixed bug php78256 heap-buffer-overflow on exifprocessusercomment. CVE-2019-11042 Stas - Fixed bug php78222 heap-buffer-overflow on exifscanthumbnail. CVE-2019-11041 Stas Fileinfo: -...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xmlrpc Vulnerability (NS-SA-2019-0037)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xmlrpc packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacke...

CVE-2018-17198

Server-side Request Forgery SSRF and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...

CVE-2018-17198

Server-side Request Forgery SSRF and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...

CVE-2018-17198

Server-side Request Forgery SSRF and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...

CVE-2018-17198

CVE-2018-17198 describes a Server-Side Request Forgery (SSRF) and File Enumeration flaw in Apache Roller 5.2.1, 5.2.0 and earlier . The issue arises because the Java SAX Parser used for the XML-RPC interface allows external entities in XML DOCTYPE by default, enabling SSRF/File Enumeration even w...

EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A...

CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

Design/Logic Flaw

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

CVE-2019-5434

CVE-2019-5434 affecting Revive Adserver 4.2. The vulnerability is a deserialization/unsafe unserialize() trigger in the XML-RPC script (openads.spc) via the what parameter, allowing an attacker to execute arbitrary code on the target. The issue is tied to Revive Adserver 4.2.0+ and server-side PH...

CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

Memory Corruption And Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code with the...

Ad Server Patched to Stop Possible Malware Distribution

UPDATE The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites. Revive Adserver, formerly known as OpenX Source, is a free, open-source a...

Revive Adserver Deserialization / Open Redirect

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2019-001 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2019-001...