xml-rpc vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver prior to 3.0.2, and OpenX Source 2.8.11 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the what parameter to an XML-...
Openx Openx 2.8.10
Openx Openx
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 3.0.0
7.5
CVSSv2
CVE-2011-0392
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote malicious users to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
Cisco Telepresence Recording Server Software 1.6.1
Cisco Telepresence Recording Server Software 1.6.3
Cisco Telepresence Recording Server Software 1.6.2
Cisco Telepresence Recording Server
7.5
CVSSv2
CVE-2008-1771
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Lengt...
Fireflymediaserver Fireflymediaserver 0.2.4.1
7.5
CVSSv2
CVE-2007-5825
Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or ...
Firefly Media Server 0.2.4
7.5
CVSSv2
CVE-2006-0868
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth prior to 1.2.4, and 1.3.x prior to 1.3.0r4, allow remote malicious users to "falsify authentication credentials," related to the "underlying storage containers."...
Pear Xml Rpc 1.0.2
Pear Xml Rpc 1.0.3
Pear Xml Rpc 1.2.0rc5
Pear Xml Rpc 1.2.0rc6
Pear Xml Rpc 1.0.4
Pear Xml Rpc 1.1.0
Pear Xml Rpc 1.2.0
Pear Xml Rpc 1.2.0rc7
Pear Xml Rpc 1.2.1
Pear Xml Rpc 1.2.0rc3
Pear Xml Rpc 1.2.0rc4
Pear Xml Rpc 1.3.0rc2
Pear Xml Rpc 1.3.0rc3
Pear Xml Rpc 1.2.0rc1
Pear Xml Rpc 1.2.0rc2
Pear Xml Rpc 1.2.2
Pear Xml Rpc 1.3.0rc1
7.5
CVSSv2
CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and previous versions (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote malicious users to execute arbitrary PHP code via certain nested XML t...
Gggeek Phpxmlrpc
Debian Debian Linux 3.1
7.5
CVSSv2
CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and previous versions (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and previous versions, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6)...
Php Xml Rpc
Gggeek Phpxmlrpc
Drupal Drupal
Tiki Tikiwiki Cms/groupware
Debian Debian Linux 3.1
5 EDB exploits
7.5
CVSSv2
CVE-2005-1992
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote malicious users to execute arbitrary commands.
Yukihiro Matsumoto Ruby 1.8
7.5
CVSSv2
CVE-2005-0089
The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module,...
Python Python 2.4.0
Python Python
7.1
CVSSv2
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in ...
Firefly Media Server
1 EDB exploit