1091 matches found
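Zope Malformed XML-RPC Request Remote Information Disclosure Vulnerability
BUGTRAQ ID: 5806 Zope is an open-source content management system server written in Python. Zope does not correctly handle XML-RPC requests, and a remote attacker can exploit this vulnerability to obtain sensitive system information. An attacker sends a malformed XML-RPC request to the Zope server; because Zope mishandles it, Zope returns an error page containing detailed system information, which the attacker can use to further attack the system. 0 Zope Zope 2.5.1 Zope Zope 2.5.0 Zope Zope 2.4.4 b1 Zope Zope 2.4.3 Zope Zope 2.4.2 Zope Zope 2.4.1 Zope Zope 2.4.0 Zope...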
CVE-2011-0212
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference,...
Design/Logic Flaw
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference,...
CVE-2011-0212
CVE-2011-0212 affects Apple Mac OS X Server (servermgrd) prior to 10.6.8. An XML External Entity (XXE) flaw in servermgrd’s XML-RPC handling can allow remote attackers to read arbitrary files and potentially send HTTP requests to intranet servers, with possible CPU/memory DoS. Root cause: unsafe ...
Design/Logic Flaw
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels...
CVE-2010-1171
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels...
CVE-2010-1171
CVE-2010-1171 affects Red Hat Network Satellite (RHN Satellite) 5.3 and 5.4. The vulnerability stems from an obsolete XML-RPC API exposed by RHN Satellite, enabling an authenticated user to access arbitrary files and trigger a denial of service via manipulation of configuration and package group ...
Moderate: Red Hat Security Advisory: security update for Red Hat Network Satellite
Updated packages that fix two security issues are now available for Red Hat Network Satellite 5.3 and 5.4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
ovs-agent-version NSE Script
Detects the version of an Oracle Virtual Server Agent by fingerprinting responses to an HTTP GET request and an XML-RPC method call. Version 2.2 of Virtual Server Agent returns a distinctive string in response to an HTTP GET request. However, versions 3.0 and 3.0.1 return a generic response that...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices. Advisory ID: cisco-sa-20110223-telepresence-cts. Revision 1.0. For Public Release 2011 February 23 1600...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server. Advisory ID: cisco-sa-20110223-telepresence-ctrs. Revision 1.0. For Public Release 2011 February 23 1600 UTC (GMT)...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch. Advisory ID: cisco-sa-20110223-telepresence-ctms. Revision 1.0. For Public Release 2011 February 23...
CVE-2011-0390
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534...
CVE-2011-0392
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833...
CVE-2011-0378
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587...
CVE-2011-0386
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739...
Design/Logic Flaw
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534...
Design/Logic Flaw
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739...