CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch...

Amazon Linux 2 : xmlrpc (ALAS-2023-2080)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2080 advisory. An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC clie...

Important: xmlrpc

Issue Overview: An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintain...

K000134818: Python XML RPC vulnerability CVE-2019-16935

Security Advisory Description The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer. py in Python 2.x, and in Lib/xmlrpc/server. py in Python 3.x. If setservertitle is called with...

Debian: Security Advisory (DSA-2018-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the registerinstance method to register an object without a dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

SUSE CVE-2005-2498

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier PEAR XML-RPC for PHP, as used in multiple products including 1 Drupal, 2 phpAdsNew, 3 phpPgAds, and 4 phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be...

SUSE CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

SUSE CVE-2010-1171

Red Hat Network RHN Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service failed yum operations via vectors related to configuration and package group comps.xml files for channels...

SUSE CVE-2012-0059

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...

SUSE CVE-2012-0845

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of data than specified...

SUSE CVE-2014-8163

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5...

SUSE CVE-2018-1000226

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

GHSA-M95X-M25C-W9MP XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...

XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...

GHSA-7VCX-V65Q-9WPG XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

GHSA-PXQJ-XRV5-QVJF XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...

XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low...

PT-2023-33050 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: The issue concerns a susceptibility to XSS attacks in the bundled xml-rpc debugger. This debugger is intended for developers and not for en...