xml-rpc vulnerabilities and exploits
6.8
CVSSv2
CVE-2008-1533
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote malicious users to perform unauthorized article operations on articles via unknown vectors.
Joomla Joomla
NA
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
4
CVSSv2
CVE-2008-2104
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
Mozilla Bugzilla 3.1.3
6.8
CVSSv2
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
4.3
CVSSv2
CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
Apache Ofbiz 17.12.03
11 GitHub repositories
6.4
CVSSv2
CVE-2008-1475
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows malicious users to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Roundup-tracker Roundup 1.4.1
Roundup-tracker Roundup 1.4.0
Roundup-tracker Roundup 1.1.2
Roundup-tracker Roundup 1.1.1
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.7.1
Roundup-tracker Roundup 0.6.8
Roundup-tracker Roundup 0.6.7
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.8.5
Roundup-tracker Roundup 0.7.12
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 0.5.4
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.2.4
Roundup-tracker Roundup 0.2.7
Roundup-tracker Roundup 0.3.0
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 0.5.0
Roundup-tracker Roundup 0.6.2
6.5
CVSSv2
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Wordpress Wordpress 2.2
1 EDB exploit
7.5
CVSSv2
CVE-2020-28035
WordPress prior to 5.5.2 allows malicious users to gain privileges via XML-RPC.
Wordpress Wordpress
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2018-9866
A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and previous versions.
Sonicwall Global Management System
7.5
CVSSv2
CVE-2017-14652
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin prior to 4.5.8 for MyBB allows an unauthenticated remote malicious user to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
Tapatalk Tapatalk