Drupal 7.x < 7.43 Multiple Vulnerabilities
The version of Drupal running on the remote web server is 7.x prior to 7.43. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the File module that allows an attacker to view, delete, or substitute a link to a file that has not yet been submitted or processed by a...
FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)
Drupal Security Team reports: - File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical) - Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical) - Open redirect via path manipulation (Base system - Drupal 6, 7...
WordPress < 3.0.3 XML-RPC Interface Access Restriction Bypass
Drupal Update Fixes 10 Vulnerabilities, One Critical
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical). A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...
Brute force amplification attacks via XML-RPC
More info at https://www.drupal.org/SA-CORE-2016-001...
PHP 'PHP_to_XMLRPC_worker()' function information disclosure vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the PHP 'PHP_to_XMLRPC_worker' function allows remote attackers to exploit the vulnerability to obtain sensitive information...
Wordbrutepress - Wordpress Brute Force Multithreading with Standard and XML-RPC Login Method
Wordpress Brute Force Multithreading with standard and xml-rpc login method written in python. Features: 1. Multithreading 2. xml-rpc brute force mode 3. http and https protocols support 4. Random User Agent 5. Big wordlist support Usage: Standard login request: python wordbrutepress.py -S -t...
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Document Title: Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability. Affected Products: Vendor: Tripwire; Software/Appliance: IP360 VnE Vulnerability Manager; Affected verified versions: v7.2.2 - v7.2.5. CVE...
WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs
Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way...
Tripwire IP360 VnE Remote Administrative API Authentication Bypass Vulnerability
The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled...
Z-BLOG Blind-XXE Arbitrary File Read Vulnerability
Z-Blog is a blog program based on the ASP platform, developed by RainbowSoft Studio. Z-Blog has an arbitrary file read vulnerability. /zbsystem/xml-rpc/index.php directly calls simpleloadstring to parse XML, resulting in XML entity injection; an attacker can read system files using the vulnerabilit...
PHPXMLRPC < 1.1 - Remote Code Execution
PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...
PHPXMLRPC 1.1 - Remote Code Execution
PHPXMLRPC 1.1 - Remote Code Execution PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PH...
PEAR XML_RPC < 1.3.0 - Remote Code Execution
PEAR XML_RPC Remote Code Execution Vendor: The PEAR Group Product: PEAR XML_RPC Version: = 1.3.0 Website: http://pear.php.net/package/XMLRPC/ CVE: 17793 PACKETSTORM: 38393 Description: PEAR XML_RPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different developers across...
UBUNTU-CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
Six Apart Movable Type SQLi Vulnerability (Dec 2014)
Six Apart Movable Type is prone to an SQL injection (SQLi) vulnerability.
Magento XML-RPC XXE Arbitrary File Disclosure
The Magento application running on the remote web server is affected by an XML external entity injection (XXE) vulnerability due to improper parsing of XML data in the Zend_XmlRpc_Server class. A remote, unauthenticated attacker can exploit this vulnerability to view arbitrary files on the remote hos...
DEBIAN-CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...