Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2017-9062
In WordPress prior to 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 8.0
446
VMScore
CVE-2017-9065
In WordPress prior to 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2022-26662
An XML Entity Expansion (XEE) issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and includin...
Tryton Proteus
Tryton Trytond
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
445
VMScore
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
445
VMScore
CVE-2011-3600
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network...
Apache Ofbiz
445
VMScore
CVE-2019-14258
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Zenoss Zenoss 2.5.3
445
VMScore
CVE-2019-9024
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
445
VMScore
CVE-2019-9022
An issue exists in PHP 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This ...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
445
VMScore
CVE-2017-8056
WatchGuard Fireware v11.12.1 and previous versions mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connec...
Watchguard Fireware
445
VMScore
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and previous versions returns different responses for valid and invalid usernames. An attacker co...
Watchguard Fireware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »