Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploi...
Revive-sas Revive Adserver
1 EDB exploit
9.8
CVSSv3
CVE-2019-9020
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9021
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an malicious user to read allocated or unallocated memory past the actual data whe...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9023
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and previous versions.
Sonicwall Global Management System
9.8
CVSSv3
CVE-2018-7301
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.
Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22
9.8
CVSSv3
CVE-2014-0030
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Apache Roller 4.0.1
Apache Roller 3.1
Apache Roller 4.0
Apache Roller 5.0
Apache Roller 5.0.1
Apache Roller 5.0.2
1 EDB exploit
9.8
CVSSv3
CVE-2017-14652
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin prior to 4.5.8 for MyBB allows an unauthenticated remote malicious user to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
Tapatalk Tapatalk
9.8
CVSSv3
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x prior to 6.1.3 and 6.2.x prior to 6.2.6 and Movable Type Open Source 5.2.13 and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sixapart Movable Type 6.1.1
Sixapart Movable Type 6.1.0
Sixapart Movable Type 6.0.8
Sixapart Movable Type 6.0.1
Sixapart Movable Type 6.0
Sixapart Movable Type 6.0.7
Sixapart Movable Type 6.2.4
Sixapart Movable Type 6.2.2
Sixapart Movable Type 6.0.5
Sixapart Movable Type 6.0.4
Sixapart Movable Type 6.2.0
Sixapart Movable Type 6.1.2
Sixapart Movable Type 6.0.3
Sixapart Movable Type 6.0.2
Sixapart Movable Type Open Source
Sixapart Movable Type 6.0.6
9.8
CVSSv3
CVE-2016-0718
Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Mozilla Firefox
Apple Mac Os X
Suse Linux Enterprise Server 11
Suse Studio Onsite 1.3
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Debuginfo 11
Opensuse Leap 42.1
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Libexpat Project Libexpat
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mcafee Policy Auditor
Python Python
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »