Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-14652
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin prior to 4.5.8 for MyBB allows an unauthenticated remote malicious user to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
Tapatalk Tapatalk
7.5
CVSSv2
CVE-2014-0030
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Apache Roller 4.0.1
Apache Roller 3.1
Apache Roller 4.0
Apache Roller 5.0
Apache Roller 5.0.1
Apache Roller 5.0.2
1 EDB exploit
6.5
CVSSv2
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.2
Wordpress Wordpress 1.5
7.5
CVSSv2
CVE-2020-16124
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. F...
Ros Ros-comm
5.1
CVSSv2
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.3
7.5
CVSSv2
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x prior to 6.1.3 and 6.2.x prior to 6.2.6 and Movable Type Open Source 5.2.13 and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sixapart Movable Type 6.1.1
Sixapart Movable Type 6.1.0
Sixapart Movable Type 6.0.8
Sixapart Movable Type 6.0.1
Sixapart Movable Type 6.0
Sixapart Movable Type 6.0.7
Sixapart Movable Type 6.2.4
Sixapart Movable Type 6.2.2
Sixapart Movable Type 6.0.5
Sixapart Movable Type 6.0.4
Sixapart Movable Type 6.2.0
Sixapart Movable Type 6.1.2
Sixapart Movable Type 6.0.3
Sixapart Movable Type 6.0.2
Sixapart Movable Type Open Source
Sixapart Movable Type 6.0.6
4.3
CVSSv2
CVE-2012-0059
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.
Redhat Network Proxy 5.4
Redhat Satellite 5.4
5.5
CVSSv2
CVE-2010-1171
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files ...
Redhat Satellite 5.4
Redhat Satellite 5.3
7.5
CVSSv2
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress prior to 5.5.2 allows malicious users to gain privileges by using XML-RPC to comment on a post.
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
9
CVSSv2
CVE-2010-3585
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ...
Oracle Vm 2.2.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »