XML-RPC - API Security Blog

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() du ...

14 декабря, 2023

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-007)

The version of ruby installed on the remote host is prior to 2.6.6-125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-007 advisory. - jQuery before 1. ...

14 декабря, 2023

Amazon Linux 2 : php (ALAS-2023-2375)

The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2375 advisory. An issue was discovered i ...

14 декабря, 2023

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-003)

The version of ruby installed on the remote host is prior to 2.6.10-130. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-003 advisory. - The cgi gem before 0.1.0 ...

14 декабря, 2023

Apache OFBiz < 18.12.10 – Arbitrary Code Execution

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before...Read More ...

14 декабря, 2023

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-002)

The version of ruby installed on the remote host is prior to 2.6.9-129. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-002 advisory. - Date.parse in th ...

14 декабря, 2023

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component...Read More ...

14 декабря, 2023

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-005)

The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-005 advisory. - In RDoc 3.11 through 6.x ...

14 декабря, 2023