xml rpc vulnerabilities and exploits
7.5
CVSSv2
CVE-2005-1992
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote malicious users to execute arbitrary commands.
Yukihiro Matsumoto Ruby 1.8
9
CVSSv2
CVE-2010-3583
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ...
Oracle Vm 2.2.1
7.8
CVSSv2
CVE-2017-6631
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because ...
Cisco Yesmax Hd Firmware -
Cisco Yesmaxtotal Firmware -
Cisco Yesquattro Firmware -
4.3
CVSSv2
CVE-2019-16935
The documentation XML-RPC server in Python up to and including 2.7.16, 3.x up to and including 3.6.9, and 3.7.x up to and including 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_ser...
Python Python
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
8.3
CVSSv2
CVE-2011-0378
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x up to and including 1.5.x allows remote malicious users to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
Cisco Telepresence System Software 1.5.12
Cisco Telepresence System Software 1.2.3
Cisco Telepresence System Software 1.5.10
Cisco Telepresence System Software 1.4.7
Cisco Telepresence System Software 1.3.2
Cisco Telepresence System Software 1.5.3
Cisco Telepresence System Software 1.5.13
Cisco Telepresence System Software 1.5.11
Cisco Telepresence System Software 1.5.1
Cisco Telepresence System 1100
Cisco Telepresence System 1000
Cisco Telepresence System 3000
Cisco Telepresence System 1300 Series
Cisco Telepresence System 3200 Series
Cisco Telepresence System 500 Series
9.3
CVSSv2
CVE-2011-0386
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x prior to 1.7.1 allows remote malicious users to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
Cisco Telepresence Recording Server Software 1.6.2
Cisco Telepresence Recording Server Software 1.7.1
Cisco Telepresence Recording Server Software 1.7.0
Cisco Telepresence Recording Server Software 1.6.1
Cisco Telepresence Recording Server Software 1.6.3
Cisco Telepresence Recording Server
7.5
CVSSv2
CVE-2011-0392
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote malicious users to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
Cisco Telepresence Recording Server Software 1.6.1
Cisco Telepresence Recording Server Software 1.6.3
Cisco Telepresence Recording Server Software 1.6.2
Cisco Telepresence Recording Server
7.5
CVSSv2
CVE-2005-0089
The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module,...
Python Python 2.4.0
Python Python
7.1
CVSSv2
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in ...
Firefly Media Server
1 EDB exploit
7.5
CVSSv2
CVE-2007-5825
Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or ...
Firefly Media Server 0.2.4