JSON-RPC - API Security Blog

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability

### Summary An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereumâs JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an ...

July 01, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

Vulnerabilities discovered by Marcin Noga of Cisco Talos. #### Overview Talos is disclosing the presence of multiple vulnerabilities in the CPP and the Parity Ethereum clients. **TALOS-2017-0503 / ...

July 01, 2023

CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)

### Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of ...

July 01, 2023

Transmission – RPC DNS Rebinding

Transmission - RPC DNS RebindingRead More ...

July 01, 2023

Monero: Corrupt RPC responses from remote daemon nodes can lead to transaction tracing

Dear Monero security team, Weâre writing to disclose a privacy vulnerability when using monero-cli or monero-gui with an untrusted remote node. When using a remote node, the Monero client rel ...

July 01, 2023

Zabbix Web Interface Detection

The remote web server is running the web interface for Zabbix, an open source distributed monitoring system.Read More ...

June 30, 2023

Zenoss 3.2.1 – (Authenticated) Remote Command Execution

Zenoss 3.2.1 - (Authenticated) Remote Command ExecutionRead More ...

June 30, 2023

JSON-RPC API functions available anonymously even though anonymous API access is disabled.

The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled (check box not checked in admin control panel). This ...

June 30, 2023