XML-RPC – API Security Blog

AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby all ...

August 10, 2022

ALSA-2022:5779: ruby:2.5 security update (Moderate)

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby: Regular expression deni ...

August 10, 2022

CVSS3 - HIGH

CVSS2 - MEDIUM

Metasploit Weekly Wrap-Up

## Log4Shell in MobileIron Core ![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2022/08/metasploit-ascii-1-2.png) Thanks to [jbaines-r7]() we have yet another Log4Shell [exploit]( ...

August 05, 2022

CVSS3 - CRITICAL

CVSS2 - HIGH

Fixed CVE-2021-21702 in php

- CVE-2021-21702: Fix null pointer dereference in Soap ClientRead More ...

August 04, 2022

CVSS3 - HIGH

CVSS2 - MEDIUM

Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby ...

August 04, 2022

Zoho Password Manager Pro XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request contain ...

August 04, 2022

CVSS3 - CRITICAL

ruby:2.5 security update

ruby [2.5.9-110] - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parses date strin ...

August 03, 2022

CVSS3 - HIGH

CVSS2 - MEDIUM

Zoho Password Manager Pro XML-RPC Java Deserialization

Post ContentRead More ...

August 03, 2022

CVSS3 - CRITICAL