Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-24335
JetBrains TeamCity prior to 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
Jetbrains Teamcity
NA
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote malicious users to perform unauthorized article operations on articles via unknown vectors.
Joomla Joomla
9.8
CVSSv3
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
NA
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Mozilla Bugzilla 3.1.3
8.1
CVSSv3
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
NA
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.6.8
Roundup-tracker Roundup 0.6.7
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.7.12
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 0.5.4
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.2.4
Roundup-tracker Roundup 0.2.7
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.5.0
Roundup-tracker Roundup 0.6.2
NA
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Wordpress Wordpress 2.2
1 EDB exploit
9.8
CVSSv3
CVE-2020-28035
WordPress prior to 5.5.2 allows malicious users to gain privileges via XML-RPC.
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and previous versions.
Sonicwall Global Management System
NA
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Opendaylight Opendaylight 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »