UBUNTU-CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
Drupal Core XML-RPC Endpoint xmlrpc.php Internal Entity Expansion Denial of Service - Ver2 (CVE-2014-5265)
A denial of service vulnerability has been reported in Drupal Core. This can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
A code execution vulnerability has been reported in Pear XML RPC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
[SECURITY] [DSA 3183-1] movabletype-opensource security update
Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq...
Debian DSA-3183-1 : movabletype-opensource - security update
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
Debian Security Advisory DSA 3183-1 (movabletype-opensource - security update)
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
GHOST glibc Vulnerability Affects WordPress and PHP applications
After the disclosure of the extremely critical GHOST vulnerability in the GNU C library (glibc), a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug...
PHP 5.2.x < 5.2.7 Buffer Overflow Vulnerability (Jan 2015)
PHP is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:php:php"; ...
Symantec Workspace Streaming XML-RPC Arbitrary File Upload - Ver2 (CVE-2014-1649)
An arbitrary file upload vulnerability has been reported in Symantec Workspace. The vulnerability is due to lack of access control validation in the functionality used to process XMLRPC requests. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted...
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack...
CVE-2014-8875
Revive Adserver is affected by CVE-2014-8875 due to an XML Entity Expansion (XEE) vulnerability in the XML_RPC_cd function of lib/pear/XML/RPC.php. The advisory details that the Revive Adserver XML-RPC endpoints (delivery/XMLRPC and API endpoints) may be exploited by crafted XML payloads to exhau...
Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service
Revive Adserver Security Advisory REVIVE-SA-2014-002 http://www.revive-adserver.com/security/revive-sa-2014-002...
Revive Adserver < 3.1.0 Multiple Vulnerabilities
CVE-2014-9057
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...