Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml rpc vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
605
VMScore
CVE-2022-24335
JetBrains TeamCity prior to 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
Jetbrains Teamcity
445
VMScore
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
605
VMScore
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote malicious users to perform unauthorized article operations on articles via unknown vectors.
Joomla Joomla
NA
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
605
VMScore
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
645
VMScore
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x prior to 1.11.12 and 1.12.x prior to 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote malicious users to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-R...
Zend Zend Framework 1.12.0
Zend Zend Framework
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Debian Debian Linux 6.0
1 EDB exploit
356
VMScore
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Mozilla Bugzilla 3.1.3
386
VMScore
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Apache Ofbiz 17.12.03
11 Github repositories
570
VMScore
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.6.8
Roundup-tracker Roundup 0.6.7
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.7.12
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 0.5.4
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.2.4
Roundup-tracker Roundup 0.2.7
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.5.0
Roundup-tracker Roundup 0.6.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »