CVE-2022-35411 : RPC.PY UP TO 0.6.0 HTTP HEADER SERIALIZER DESERIALIZATION

Description

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the “serializer: pickle” HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

References

https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd

https://github.com/ehtec/rpcpy-exploit

https://medium.com/@elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-36310 : AIRSPAN AIRVELOCITY 1500 PRIOR 15.18.00.2511 SNMPD INHERENTLY DANGEROUS FUNCTION

CVE-2022-36310 : AIRSPAN AIRVELOCITY 1500 PRIOR 15.18.00.2511 SNMPD INHERENTLY DANGEROUS FUNCTION

Description Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with

CVE-2022-2814 : SOURCECODESTER SIMPLE AND NICE SHOPPING CART SCRIPT /MKSHOPE/LOGIN.PHP MSG CROSS SITE SCRIPTING

CVE-2022-2814 : SOURCECODESTER SIMPLE AND NICE SHOPPING CART SCRIPT /MKSHOPE/LOGIN.PHP MSG CROSS SITE SCRIPTING

Description A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by

CVE-2022-37397 : YUGABYTEDB 2.6.1 LDAP AUTHENTICATION CONFIG

CVE-2022-37397 : YUGABYTEDB 2.6.1 LDAP AUTHENTICATION CONFIG

Description An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When