Lucene search
K

195 matches found

CNNVD
CNNVD
added 2021/10/20 12:0 a.m.49 views

Six Apart Movable Type 操作系统命令注入漏洞

Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...

9.8CVSS6.3AI score0.88144EPSS
Exploits11References10
Rapid7 Blog
Rapid7 Blog
added 2020/10/30 4:27 p.m.40 views

Metasploit Wrap-Up

Keep your eyes peeled for another Metasploit CTF We hosted our third Annualish Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annualish Metasploit CTF by year’s end...

7.2AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.5 views

The ugidd RPC interface by design allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

...

5CVSS7AI score0.01551EPSS
Exploits0
Prion
Prion
added 2020/02/11 4:15 p.m.22 views

Design/Logic Flaw

Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...

7.8CVSS7.4AI score0.01448EPSS
Exploits1References1Affected Software27
Cvelist
Cvelist
added 2020/02/11 3:36 p.m.42 views

CVE-2019-13946

Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...

7.5CVSS7.4AI score0.01448EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/08/05 3:10 p.m.54 views

MyEtherWallet: Local Storage Custom Node Credentials Leak

Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in accounts attached to this node, by a local attacker. And if not configured this way, an attacker coul...

7AI score
Exploits0
Prion
Prion
added 2019/05/29 9:29 p.m.17 views

Improper access control

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to...

7.1CVSS5.3AI score0.00981EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/05/29 8:29 p.m.24 views

CVE-2019-11892

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...

8CVSS7.6AI score0.01029EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/05/29 8:7 p.m.25 views

CVE-2019-11895 Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to...

5.3CVSS5.3AI score0.00981EPSS
Exploits0References1
CVE
CVE
added 2019/05/29 7:55 p.m.150 views

CVE-2019-11892

The CVE-2019-11892 issue affects the Bosch Smart Home Controller (SHC) JSON-RPC interface. Affected component: SHC’s JSON-RPC layer. Root cause: improper access control could allow reading or modification of SHC configuration and could trigger and restore backups. Exploitation requirements: an at...

8CVSS7.7AI score0.01029EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2019/04/24 12:0 a.m.79 views

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Exploit

Exploit for windows platform in category local exploits VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading...

4.6CVSS0.4AI score0.02231EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/24 12:0 a.m.98 views

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading to arbitrary code injection and EoP. Description: This...

8.8CVSS8.7AI score0.01619EPSS
Exploits4
Veracode
Veracode
added 2019/01/15 9:6 a.m.22 views

XML External Entity (XXE)

spacewalk-java is vulnerable to XML External Entity XXE attacks. The vulnerability exists as the RPC interface in Spacewalk and Red Hat Network RHN Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...

7.5CVSS6.5AI score0.02694EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2019/01/02 6:29 p.m.18 views

CVE-2018-15490

An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process which runs as a service with SYSTEM privileges listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for...

7.1CVSS6.9AI score0.00609EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/06/15 12:39 p.m.211 views

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018

As a native Texan, I’ve seen more than my fair share of bugs - actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative ZDI sees many bugs of the software variety, including those that affect SCADA control systems. Fritz Sands recently...

9.3CVSS6.9AI score0.7131EPSS
Exploits8
Openbugbounty
Openbugbounty
added 2018/06/04 12:23 p.m.12 views

mp3.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-627003 Description| Value ---|--- Affected Website:| mp3.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

Exploits0
Tenable Nessus
Tenable Nessus
added 2018/05/11 12:0 a.m.31 views

WordPress XML-RPC Interface Detected

A public facing WordPress XML-RPC interface has been detected. An attacker may be able to launch attacks against the web server Via XML-RPC including: - Login into WordPress backend Administrative interface - Brute force user credentials - Use pingbacks for scanning or fingerprinting for example ...

7.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/10/24 12:15 a.m.7 views

supervisor: Command injection via malicious XML-RPC request

A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...

9CVSS7.4AI score0.87544EPSS
Exploits10References4
Prion
Prion
added 2017/09/20 8:29 p.m.20 views

Design/Logic Flaw

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...

7.8CVSS7.5AI score0.01641EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/09/20 8:29 p.m.20 views

Design/Logic Flaw

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

4.3CVSS6.2AI score0.0095EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder