Oracle Linux 5 : php (ELSA-2010-0919)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0919 advisory. - add security fix for CVE-2010-3870 626735 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

Fedora Update for python-bugzilla FEDORA-2013-11419

Check for the Version of python-bugzilla OpenVAS Vulnerability Test Fedora Update for python-bugzilla FEDORA-2013-11419 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Fedora Update for python-bugzilla FEDORA-2013-11397

Check for the Version of python-bugzilla OpenVAS Vulnerability Test Fedora Update for python-bugzilla FEDORA-2013-11397 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

[SECURITY] Fedora 17 Update: python-bugzilla-0.9.0-1.fc17

python-bugzilla is a python library for interacting with bugzilla instances over XML-RPC. This package also includes the 'bugzilla' command-line tool for interacting with bugzilla from shell scripts...

[SECURITY] Fedora 18 Update: python-bugzilla-0.9.0-1.fc18

python-bugzilla is a python library for interacting with bugzilla instances over XML-RPC. This package also includes the 'bugzilla' command-line tool for interacting with bugzilla from shell scripts...

[SECURITY] Fedora 19 Update: python-bugzilla-0.9.0-1.fc19

python-bugzilla is a python library for interacting with bugzilla instances over XML-RPC. This package also includes the 'bugzilla' command-line tool for interacting with bugzilla from shell scripts...

CentOS 4 : php (CESA-2007:0349)

Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A hea...

CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

Xxe

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

UBUNTU-CVE-2012-6532

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

Xxe

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

UBUNTU-CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

CVE-2012-3363

CVE-2012-3363 : Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 mishandles SimpleXMLElement classes, enabling remote attackers to read arbitrary files or make TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request (XXE). This is cause...

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

Titan FTP Administrative Password Disclosure

On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server...

Re: Wordpress Pingback Port Scanner

Hi Chris! It's good that you've drew attention on possibility of port scanning and made nice software for abusing this WP feature. But I want to remind about another vulnerability in XML-RPC, which I've disclosed in 2012. The most important hole in WordPress XML-RPC is Brute Force...

RHEL 5 / 6 : Red Hat Network Proxy spacewalk-backend (RHSA-2012:0102)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0102 advisory. Red Hat Network RHN Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an...

XML-RPC PingBack API Remote DoS Exploit (through xmlrpc.php)

Exploit for php platform in category dos / poc Exploit Title: XML-RPC PingBack API Remote Denial of Service exploit through xmlrpc.php Date: 04/01/2013 Category: Remote Exploit Author: D35m0nd142 Tested on: Debian Linux !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common; use...