Vulmon
xml-rpc vulnerabilities and exploits
6.8
CVSSv2
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote malicious users to perform unauthorized article operations on articles via unknown vectors.
Joomla Joomla
NA
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
6.8
CVSSv2
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
4
CVSSv2
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Mozilla Bugzilla 3.1.3
4.3
CVSSv2
CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Apache Ofbiz 17.12.03
11 Github repositories
6.4
CVSSv2
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.6.8
Roundup-tracker Roundup 0.6.7
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.7.12
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 0.5.4
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.2.4
Roundup-tracker Roundup 0.2.7
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.5.0
Roundup-tracker Roundup 0.6.2
6.5
CVSSv2
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Wordpress Wordpress 2.2
1 EDB exploit
7.5
CVSSv2
CVE-2020-28035
WordPress prior to 5.5.2 allows malicious users to gain privileges via XML-RPC.
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2018-9866
A vulnerability caused by a lack of validation of user-supplied parameters passed to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliances allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and previous versions.
Sonicwall Global Management System
7.5
CVSSv2
CVE-2014-0030
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Apache Roller 4.0.1
Apache Roller 3.1
Apache Roller 4.0
Apache Roller 5.0
Apache Roller 5.0.1
Apache Roller 5.0.2
1 EDB exploit