Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml-rpc vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and previous versions returns different responses for valid and invalid usernames. An attacker co...
Watchguard Fireware
5.3
CVSSv3
CVE-2017-8056
WatchGuard Fireware v11.12.1 and previous versions mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connec...
Watchguard Fireware
NA
CVE-2013-2184
Movable Type prior to 5.2.6 does not properly use the Storable::thaw function, which allows remote malicious users to execute arbitrary code via the comment_state parameter.
Sixapart Movable Type
NA
CVE-2015-1592
Movable Type Pro, Open Source, and Advanced prior to 5.2.12 and Pro and Advanced 6.0.x prior to 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote malicious users to include and execute arbitrary local Perl files and possibly execute arbitrary code ...
Debian Debian Linux 7.0
Sixapart Movable Type
1 EDB exploit
NA
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
NA
CVE-2014-9057
SQL injection vulnerability in the XML-RPC interface in Movable Type prior to 5.18, 5.2.x prior to 5.2.11, and 6.x prior to 6.0.6 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Debian Debian Linux 7.0
Sixapart Movable Type 6.0.5
Sixapart Movable Type 6.0
Sixapart Movable Type 5.2.2
Sixapart Movable Type 5.2.4
Sixapart Movable Type 5.2.9
Sixapart Movable Type
Sixapart Movable Type 6.0.4
Sixapart Movable Type 6.0.3
Sixapart Movable Type 6.0.2
Sixapart Movable Type 6.0.1
Sixapart Movable Type 5.2.5
Sixapart Movable Type 5.2.6
Sixapart Movable Type 5.2.7
Sixapart Movable Type 5.2.8
Sixapart Movable Type 5.2
Sixapart Movable Type 5.2.3
Sixapart Movable Type 5.2.10
NA
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) disconnecting established VPN...
Openvpn Openvpn Access Server
NA
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Opendaylight Opendaylight 1.0
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
NA
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »