Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2007-1893
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Wordpress Wordpress
4.3
CVSSv2
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Apache Ofbiz 17.12.03
11 Github repositories
4.3
CVSSv2
CVE-2019-16935
The documentation XML-RPC server in Python up to and including 2.7.16, 3.x up to and including 3.6.9, and 3.7.x up to and including 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_ser...
Python Python
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
4.3
CVSSv2
CVE-2017-14615
An FBX-5313 issue exists in WatchGuard Fireware prior to 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be render...
Watchguard Fireware
4.3
CVSSv2
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent malicious users to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Libexpat Project Libexpat
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Google Android 4.4.4
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Google Android 5.1.1
4.3
CVSSv2
CVE-2012-0059
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.
Redhat Network Proxy 5.4
Redhat Satellite 5.4
4.3
CVSSv2
CVE-2012-0876
The XML parser (xmlparse.c) in expat prior to 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML file with many identifiers wit...
Libexpat Project Libexpat
Python Python
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Solaris 11.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
4.3
CVSSv2
CVE-2007-1894
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress prior to 20070309 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.2 Revision5002
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.7
4.3
CVSSv2
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress prior to 2.0.10 RC2, and prior to 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interfa...
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.0.10
1 EDB exploit
4.3
CVSSv2
CVE-2005-2761
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
Phpgroupware Phpgroupware 0.9.16.000
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »