WSDL - API Security Blog

Kentico CMS Staging SyncServer Unserialize Remote Command Execution

This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.a ...

June 24, 2022

Schneider Electric Pelco Endura NET55XX Encoder

This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NE ...

June 24, 2022

Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials

Post ContentRead More ...

June 24, 2022

Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials

Ricoh myPrint 2.9.2.4 - Hard-Coded CredentialsRead More ...

June 24, 2022

FruityWifi Remote Code Execution Exploit

This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request.Read More ...

June 23, 2022

Improper Restriction of XML External Entity Reference in soa-model

Soa-model is a toolkit and Java API for WSDL, WADL and XML Schema. An XML External Entity (XXE) vulnerability exists in versions of soa-model prior to 1.6.4 in the WSDLParser function. This issue has ...

June 23, 2022

FruityWifi Remote Code Execution

Post ContentRead More ...

June 23, 2022

CVE-2022-1026: Kyocera Net View Address Book Exposure

![CVE-2022-1026: Kyocera Net View Address Book Exposure](https://blog.rapid7.com/content/images/2022/03/kyocera-vuln.jpg) Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera ...

June 23, 2022