Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml rpc vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent malicious users to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Libexpat Project Libexpat
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Google Android 4.4.4
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Google Android 5.1.1
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
9.8
CVSSv3
CVE-2020-1693
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circums...
Redhat Spacewalk
6.1
CVSSv3
CVE-2017-14615
An FBX-5313 issue exists in WatchGuard Fireware prior to 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be render...
Watchguard Fireware
NA
CVE-2010-0597
Unspecified vulnerability in Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users t...
Cisco Mediator Framework 2.2
Cisco Mediator Framework 3.0.8
Cisco Mediator Framework 1.5.1
NA
CVE-2010-0600
Cisco Mediator Framework 1.5.1 prior to 1.5.1.build.14-eng, 2.2 prior to 2.2.1.dev.1, and 3.0 prior to 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified conf...
Cisco Mediator Framework 2.2
Cisco Mediator Framework 3.0.8
Cisco Mediator Framework 1.5.1
NA
CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and previous versions (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote malicious users to execute arbitrary PHP code via certain nested XML t...
Gggeek Phpxmlrpc
Debian Debian Linux 3.1
6.5
CVSSv3
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote malicious user to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "d...
Ibm Websphere Application Server
7.5
CVSSv3
CVE-2011-3600
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network...
Apache Ofbiz
NA
CVE-2014-9057
SQL injection vulnerability in the XML-RPC interface in Movable Type prior to 5.18, 5.2.x prior to 5.2.11, and 6.x prior to 6.0.6 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Debian Debian Linux 7.0
Sixapart Movable Type 6.0.5
Sixapart Movable Type 6.0
Sixapart Movable Type 5.2.2
Sixapart Movable Type 5.2.4
Sixapart Movable Type 5.2.9
Sixapart Movable Type
Sixapart Movable Type 6.0.4
Sixapart Movable Type 6.0.3
Sixapart Movable Type 6.0.2
Sixapart Movable Type 6.0.1
Sixapart Movable Type 5.2.5
Sixapart Movable Type 5.2.6
Sixapart Movable Type 5.2.7
Sixapart Movable Type 5.2.8
Sixapart Movable Type 5.2
Sixapart Movable Type 5.2.3
Sixapart Movable Type 5.2.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »