Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-7301
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.
Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22
516
VMScore
CVE-2014-3781
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear prior to 2.6.3 allows remote malicious users to bypass authentication via an empty password in an XML-RPC request.
Dotclear Dotclear
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
668
VMScore
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver prior to 3.0.2, and OpenX Source 2.8.11 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the what parameter to an XML-...
Openx Openx 2.8.10
Openx Openx
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 3.0.0
445
VMScore
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.3
445
VMScore
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and previous versions returns different responses for valid and invalid usernames. An attacker co...
Watchguard Fireware
356
VMScore
CVE-2022-24333
In JetBrains TeamCity prior to 2021.2, blind SSRF via an XML-RPC call was possible.
Jetbrains Teamcity
668
VMScore
CVE-2018-17198
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and previous versions unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which ...
Apache Roller 5.2.1
Apache Roller
Apache Roller 5.2.0
445
VMScore
CVE-2019-14258
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Zenoss Zenoss 2.5.3
445
VMScore
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
605
VMScore
CVE-2022-24335
JetBrains TeamCity prior to 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
Jetbrains Teamcity
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »