15 matches found
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
EUVD-2013-6932
Malware in sbrugna...
EUVD-2018-13041
Malware in sbrugna...
EUVD-2018-2931
Malware in sbrugna...
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution
This module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the...
RedHat redhat-certification authorization issue vulnerability
Red Hat Certification is a software package from Red Hat USA. A security vulnerability exists in redhat-certification 7 that allows an unauthenticated user to invoke the "restart" RPC method on any accessible host. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2018-10865
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him...
Authorization
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him...
CVE-2018-10865
It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the...
Revive Adserver deserialization vulnerability
Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...
Revive Adserver deserialization vulnerability
Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...
CVE-2015-5970
Novell ZENworks Configuration Management (ZCM) versions 11.3 and 11.4 are affected by an information-disclosure vulnerability in the ChangePassword RPC. The root cause is XPath injection triggered by malformed queries that reference a system entity, allowing an unauthenticated, remote attacker to...
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability
ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-278 September 2, 2011 -- CVE ID: CVE-2011-2654 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell eDirectory --...
Novell Cloud Manager Insufficient Framework User Validation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an...