Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml rpc vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
8.1
CVSSv3
CVE-2022-24335
JetBrains TeamCity prior to 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
Jetbrains Teamcity
NA
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
NA
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote malicious users to perform unauthorized article operations on articles via unknown vectors.
Joomla Joomla
9.8
CVSSv3
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
9.1
CVSSv3
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
8.1
CVSSv3
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
NA
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Mozilla Bugzilla 3.1.3
6.1
CVSSv3
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Apache Ofbiz 17.12.03
11 Github repositories
NA
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.6.8
Roundup-tracker Roundup 0.6.7
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.7.12
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 0.5.4
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.2.4
Roundup-tracker Roundup 0.2.7
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.5.0
Roundup-tracker Roundup 0.6.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »