EUVD-2018-8603
Malware in sbrugna...
EUVD-2013-1666
Malware in sbrugna...
EUVD-2022-33812
Malicious code in bioql PyPI...
CIMTechniques CIMScan SQL Code Execution Vulnerability
CIMTechniques CIMScan is a critical infrastructure monitoring system from CIMTechniques, Inc. The system can be used to detect temperature, humidity and other variables in infrastructure environments. SOAP WSDL parser is one of the SOAP WSDL (Web Services Description Language) parsers. CIMTechniques...
Code injection
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...
CVE-2018-16803
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...
Ricoh myPrint Hardcoded Credentials / Information Disclosure
Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...
U.S. Dept Of Defense: SOAP WSDL Parser SQL Code Execution
Summary: SOAP WSDL Parser SQL Code Execution Description: It was possible to parse WSDL resources and read all functions from the SOAP Admin Panel, therefore I was able to repeat the SQL query with a tampered request with my own custom SQL command. I was able to extract all the database names for...
The vulnerability of the SOAP WSDL Parser module of the Microsoft .NET Framework allows a perpetrator to execute arbitrary code.
A vulnerability exists in the IsValidUrl method of the SOAP WSDL parser module of the Microsoft .NET Framework. This vulnerability arises due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a...
PT-2017-2916
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 through 4.7. Description: A remote code execution issue exists due to insufficient input validation in the IsValidUrl method of the SOAP WSDL Parser module. This allows an attacker to execute arbitrary code...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...
F5 Networks BIG-IP : SOAP parser vulnerability (SOL15879)
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...
RHEL 5 : php53 (RHSA-2013:1307)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid (CVE-2006-7243) - PHP: sapi_header_op %0D sequence handling security bypass (CVE-2011-1398)...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...
Updated python-suds package fixes security vulnerability
An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache (a predictable location was used for the directory to store the cached files). A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...
Mandriva Linux Security Advisory : php (MDVSA-2013:114)
Multiple vulnerabilities have been discovered and corrected in php: ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access...
Ubuntu Update for php5 USN-1761-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN17611.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for php5 USN-1761-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : php5 vulnerability (USN-1761-1)
It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenab...
CVE-2013-1635
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an...
Directory traversal
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an...