1091 matches found
WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API
WordPress versions 2.5 through 4.7.4 improperly handle post meta data values in the XML-RPC (Remote Procedure Call) API. Discovered and reported by Sam Thomas. Solution: update WordPress core to the latest possible version, at least 4.7.5...
WPSeku - Simple Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Usage: -- WPSeku - Wordpress Security Scanner -- WPSeku - v0.1.0 -- Momo Outaadi...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
XXE
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
Design/Logic Flaw
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
CVE-2017-8055
WatchGuard Fireware contains a user enumeration flaw in the Firebox XML-RPC login handler. A login request with a blank password to the XML-RPC agent in Fireware v11.12.1 and earlier yields different responses for valid versus invalid usernames, enabling an attacker to enumerate valid usernames o...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier are affected by an XML External Entity (XXE) issue in the XML-RPC agent. The vulnerability causes the Firebox wgagent process to crash, terminating all authenticated sessions (including management connections) and potentially degrading overall performance ...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
Watchguard Firebox / XTM XXE Injection
Watchguard's Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the...
Watchguard Firebox / XTM XXE Injection Vulnerability
Watchguard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities. Watchguard's Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion...
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-5742
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-5742
CVE-2016-5742 is an SQL injection in the XML-RPC interface of Movable Type Pro/Advanced (6.x before 6.1.3 and 6.2.x before 6.2.6) and Movable Type Open Source 5.2.13 and earlier, allowing remote attackers to execute arbitrary SQL via unspecified vectors. Connected sources confirm the vulnerabilit...
USN-3059-1: xmlrpc-epi vulnerability
It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...
DLA-569-1 xmlrpc-epi - security update
Bulletin has no description...
[SECURITY] Fedora 23 Update: kf5-kxmlrpcclient-5.24.0-1.fc23
KDE Frameworks 5 Tier 3 library for interaction with XML RPC services...
[SECURITY] Fedora 23 Update: kf5-kpeople-5.24.0-1.fc23
KDE Frameworks 5 Tier 3 library for interaction with XML RPC services...