XML-RPC - API Security Blog

ruby [2.5.9-110.0.1] - Fix for CVE-2022-28739 [Orabug: 34824177]Read More ...

21 января, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Debian DSA-5318-1 : lava – security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory. - In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...

14 января, 2023

SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0072-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0072-1 advisory. - The GetCode_ function in gd_gif_in.c in GD ...

13 января, 2023

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2023:0073-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0073-1 advisory. Note that Nessus has not tested for this issue ...

12 января, 2023

XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the `$method` argument of Client::send, it was possible to force the client to _access local files_ or _connect to undesired urls_ instead of the intended target server's url (the one used in ...

12 января, 2023

XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the `$method` argument of Client::send, it was possible to force the client to _access local files_ or _connect to undesired urls_ instead of the intended target server's url (the one used in ...

12 января, 2023

Exploit for XML Entity Expansion in Linaro Lava

# CVE-2022-44641 In Linaro Automated Validation Architecture (L...Read More ...

23 декабря, 2022

CVSS3 - MEDIUM

Exploit for Incorrect Authorization in Antihacker Project Antihacker

# CVE-2022-3880 The Disable Json API, Login Lockdown, XMLRPC, P...Read More ...

22 декабря, 2022

CVSS3 - MEDIUM