Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2014-0030
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Apache Roller 4.0.1
Apache Roller 3.1
Apache Roller 4.0
Apache Roller 5.0
Apache Roller 5.0.1
Apache Roller 5.0.2
1 EDB exploit
668
VMScore
CVE-2017-14652
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin prior to 4.5.8 for MyBB allows an unauthenticated remote malicious user to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
Tapatalk Tapatalk
578
VMScore
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress prior to 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.3
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.8
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.6.2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.9.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 2.8.2
Wordpress Wordpress 1.5
668
VMScore
CVE-2020-16124
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. F...
Ros Ros-comm
668
VMScore
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x prior to 6.1.3 and 6.2.x prior to 6.2.6 and Movable Type Open Source 5.2.13 and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sixapart Movable Type 6.1.1
Sixapart Movable Type 6.1.0
Sixapart Movable Type 6.0.8
Sixapart Movable Type 6.0.1
Sixapart Movable Type 6.0
Sixapart Movable Type 6.0.7
Sixapart Movable Type 6.2.4
Sixapart Movable Type 6.2.2
Sixapart Movable Type 6.0.5
Sixapart Movable Type 6.0.4
Sixapart Movable Type 6.2.0
Sixapart Movable Type 6.1.2
Sixapart Movable Type 6.0.3
Sixapart Movable Type 6.0.2
Sixapart Movable Type Open Source
Sixapart Movable Type 6.0.6
454
VMScore
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.3
383
VMScore
CVE-2012-0059
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.
Redhat Network Proxy 5.4
Redhat Satellite 5.4
490
VMScore
CVE-2010-1171
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files ...
Redhat Satellite 5.4
Redhat Satellite 5.3
668
VMScore
CVE-2020-28036
wp-includes/class-wp-xmlrpc-server.php in WordPress prior to 5.5.2 allows malicious users to gain privileges by using XML-RPC to comment on a post.
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
905
VMScore
CVE-2010-3585
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ...
Oracle Vm 2.2.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »