195 matches found
Six Apart Movable Type 操作系统命令注入漏洞
Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...
Metasploit Wrap-Up
Keep your eyes peeled for another Metasploit CTF We hosted our third Annualish Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annualish Metasploit CTF by year’s end...
The ugidd RPC interface by design allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
...
Design/Logic Flaw
Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...
CVE-2019-13946
Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...
MyEtherWallet: Local Storage Custom Node Credentials Leak
Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in accounts attached to this node, by a local attacker. And if not configured this way, an attacker coul...
Improper access control
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to...
CVE-2019-11892
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...
CVE-2019-11895 Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to...
CVE-2019-11892
The CVE-2019-11892 issue affects the Bosch Smart Home Controller (SHC) JSON-RPC interface. Affected component: SHC’s JSON-RPC layer. Root cause: improper access control could allow reading or modification of SHC configuration and could trigger and restore backups. Exploitation requirements: an at...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Exploit
Exploit for windows platform in category local exploits VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading to arbitrary code injection and EoP. Description: This...
XML External Entity (XXE)
spacewalk-java is vulnerable to XML External Entity XXE attacks. The vulnerability exists as the RPC interface in Spacewalk and Red Hat Network RHN Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
CVE-2018-15490
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process which runs as a service with SYSTEM privileges listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
As a native Texan, I’ve seen more than my fair share of bugs - actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative ZDI sees many bugs of the software variety, including those that affect SCADA control systems. Fritz Sands recently...
mp3.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-627003 Description| Value ---|--- Affected Website:| mp3.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
WordPress XML-RPC Interface Detected
A public facing WordPress XML-RPC interface has been detected. An attacker may be able to launch attacks against the web server Via XML-RPC including: - Login into WordPress backend Administrative interface - Brute force user credentials - Use pingbacks for scanning or fingerprinting for example ...
supervisor: Command injection via malicious XML-RPC request
A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...
Design/Logic Flaw
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...
Design/Logic Flaw
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...