64 matches found
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...
CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...
CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...
CVE-2017-9065
CVE-2017-9065 affects WordPress
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...
DEBIAN-CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
UBUNTU-CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
CVE-2014-9104
Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...
CVE-2014-9104
Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...
CVE-2014-9104
CVE-2014-9104 covers CSRF vulnerabilities in the XML-RPC API of the OpenVPN Access Server Desktop Client (versions up to 1.5.6). The issues allow an attacker to hijack administrator authentication and perform actions via crafted API requests, including disconnecting VPN sessions, connecting to ar...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
OpenVPN Warns Customers of CSRF Bug in Access Server Desktop Client
OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the...
Wordpress Pingback Locator
This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the wordpress site to port scan an external target and return results. Refer to the wordpresspingbackportscanner module. This issue was fixed in wordpress 3.5.1 This module...
FreeBSD : bugzilla Cross-Site Request Forgery (7f448dc1-82ca-11e1-b393-20cf30e32f6d)
A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some...
CVE-2012-0453
Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...
CVE-2012-0453
Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...