Lucene search
K

64 matches found

UbuntuCve
UbuntuCve
added 2017/05/18 2:29 p.m.22 views

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

8.6CVSS7.2AI score0.01775EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/05/18 2:29 p.m.30 views

CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

7.5CVSS7.1AI score0.04079EPSS
Exploits0References4
OSV
OSV
added 2017/05/18 2:29 p.m.22 views

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

8.6CVSS6.6AI score
Exploits0References7
Cvelist
Cvelist
added 2017/05/18 2:0 p.m.23 views

CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

7.9AI score0.04079EPSS
Exploits0References7
Cvelist
Cvelist
added 2017/05/18 2:0 p.m.22 views

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

8.6AI score0.01775EPSS
Exploits0References7
CVE
CVE
added 2017/05/18 2:0 p.m.147 views

CVE-2017-9065

CVE-2017-9065 affects WordPress

7.5CVSS7.8AI score0.04079EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2017/05/18 2:0 p.m.27 views

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

8.6CVSS2.1AI score0.01775EPSS
Exploits0
OSV
OSV
added 2015/03/30 2:59 p.m.3 views

DEBIAN-CVE-2015-2172

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...

6.5CVSS7AI score0.02882EPSS
Exploits0References1
OSV
OSV
added 2015/03/30 2:59 p.m.5 views

UBUNTU-CVE-2015-2172

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...

6.5CVSS5.8AI score0.02882EPSS
Exploits0References2
NVD
NVD
added 2014/11/26 3:59 p.m.15 views

CVE-2014-9104

Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...

6.8CVSS8AI score0.00883EPSS
Exploits1References5
Prion
Prion
added 2014/11/26 3:59 p.m.12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...

6.8CVSS8.6AI score0.00883EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2014/11/26 3:0 p.m.22 views

CVE-2014-9104

Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...

8AI score0.00883EPSS
Exploits1References5
CVE
CVE
added 2014/11/26 3:0 p.m.58 views

CVE-2014-9104

CVE-2014-9104 covers CSRF vulnerabilities in the XML-RPC API of the OpenVPN Access Server Desktop Client (versions up to 1.5.6). The issues allow an attacker to hijack administrator authentication and perform actions via crafted API requests, including disconnecting VPN sessions, connecting to ar...

6.8CVSS8.2AI score0.00883EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2014/10/25 12:55 a.m.6 views

CVE-2014-2021

Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

3.5CVSS5.7AI score0.03389EPSS
Exploits4References8
ThreatPost
ThreatPost
added 2014/07/16 11:39 a.m.9 views

OpenVPN Warns Customers of CSRF Bug in Access Server Desktop Client

OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the...

4.1AI score
Exploits0References2
Metasploit
Metasploit
added 2013/01/05 1:44 a.m.76 views

Wordpress Pingback Locator

This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the wordpress site to port scan an external target and return results. Refer to the wordpresspingbackportscanner module. This issue was fixed in wordpress 3.5.1 This module...

6.4CVSS7.1AI score0.28857EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2012/04/10 12:0 a.m.24 views

FreeBSD : bugzilla Cross-Site Request Forgery (7f448dc1-82ca-11e1-b393-20cf30e32f6d)

A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some...

5.1CVSS5.6AI score0.00826EPSS
Exploits0References3
NVD
NVD
added 2012/02/25 4:21 a.m.14 views

CVE-2012-0453

Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...

5.1CVSS7AI score0.00826EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2012/02/25 4:21 a.m.24 views

CVE-2012-0453

Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...

5.1CVSS6AI score0.00826EPSS
Exploits0References1
Prion
Prion
added 2012/02/25 4:21 a.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...

5.1CVSS7.5AI score0.00826EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder