CVE-2010-0599

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote...

Code injection

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote...

Design/Logic Flaw

Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the...

CVE-2010-0597

CVE-2010-0597 affects Cisco Network Building Mediator (NBM) products via the Mediator Framework. Vulnerable are Cisco NBM-2400/4800 and Richards‑Zeta Mediator 2500 firmware releases: Mediator Framework 1.5.x before 1.5.1.build.14-eng, 2.2.x before 2.2.1.dev.1, and 3.0.x before 3.0.9.release.1. An...

CVE-2010-0597

Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the...

CVE-2010-0599

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote...

CVE-2010-0599

CVE-2010-0599 affects Cisco Network Building Mediator (NBM) families: Mediator Framework on NBM-2400/4800 and Richards-Zeta Mediator 2500. Root cause: XML-RPC sessions from operator workstations were not encrypted, enabling remote attackers to sniff credentials (admin credentials). Impact: unauth...

CVE-2010-0600

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0255-2)

Incomplete XML RPC requests could crash the php interpreter CVE-2010-0397. PHP was updated to version 5.2.12 to fix the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0255-1)

Incomplete XML RPC requests could crash the php interpreter CVE-2010-0397. PHP was updated to version 5.3.2 to fix the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

SOAP and XML-RPC APIs return too much information

The SOAP and XML-RPC APIs return more information than is needed. This issue corrects that problem. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issues and information on how we rate our issues...

SOAP and XML-RPC APIs return too much information

The SOAP and XML-RPC APIs return more information than is needed. This issue corrects that problem. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issues and information on how we rate our issues...

[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2018-1 [email protected] http://www.debian.org/security/ Raphael Geissert March 18, 2010 http://www.debian.org/security/faq -...

PHP DoS

Crash on XML-RPC requests processing...

Debian DSA-2018-1 : php5 - DoS (crash)

Auke van Slooten discovered that PHP 5, an hypertext preprocessor, crashes because of a NULL pointer dereference when processing invalid XML-RPC requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securit...

DSA-2018-1 php5 - null pointer dereference

Bulletin has no description...

PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities

source: https://www.securityfocus.com/bid/38708/info PHP's xmlrpc extension library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML-RPC requests. Exploiting these issues allows remote attackers to cause denial-of-service conditions in the...

Ubuntu 9.10 : xmlrpc-c vulnerabilities (USN-890-5)

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening ...

Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5

Ubuntu Update for Linux kernel vulnerabilities USN-890-5 OpenVAS Vulnerability Test $Id: gbubuntuUSN8905.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

USN-890-5: XML-RPC for C and C++ vulnerabilities

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat...