Vulmon
php xml rpc vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploi...
Revive-sas Revive Adserver
1 EDB exploit
9.8
CVSSv3
CVE-2019-9020
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9021
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow a malicious user to read allocated or unallocated memory past the actual data whe...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9023
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
7.5
CVSSv3
CVE-2019-9022
An issue exists in PHP 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This ...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
7.5
CVSSv3
CVE-2019-9024
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
NA
CVE-2006-0868
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth prior to 1.2.4, and 1.3.x prior to 1.3.0r4, allow remote malicious users to "falsify authentication credentials," related to the "underlying storage containers."...
Pear Xml Rpc 1.0.2
Pear Xml Rpc 1.0.3
Pear Xml Rpc 1.2.0rc5
Pear Xml Rpc 1.2.0rc6
Pear Xml Rpc 1.0.4
Pear Xml Rpc 1.1.0
Pear Xml Rpc 1.2.0
Pear Xml Rpc 1.2.0rc7
Pear Xml Rpc 1.2.1
Pear Xml Rpc 1.2.0rc3
Pear Xml Rpc 1.2.0rc4
Pear Xml Rpc 1.3.0rc2
Pear Xml Rpc 1.3.0rc3
Pear Xml Rpc 1.2.0rc1
Pear Xml Rpc 1.2.0rc2
Pear Xml Rpc 1.2.2
Pear Xml Rpc 1.3.0rc1
NA
CVE-2005-2761
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
Phpgroupware Phpgroupware 0.9.16.000
NA
CVE-2005-2600
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote malicious users to read private posts via a modified mid parameter.
Ilia Alshanetsky Fudforum 2.6.15
NA
CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and previous versions (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote malicious users to execute arbitrary PHP code via certain nested XML t...
Gggeek Phpxmlrpc
Debian Debian Linux 3.1