Lucene search
1091 matches found

RedHat Linux
added 2014/10/30 7:44 p.m. | 73 views

Important: Red Hat Security Advisory: php53 security update

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...

CVSS 7.5 | AI score 7.7 | EPSS 0.55955
Exploits: 3 | References: 5
Amazon
added 2014/10/28 12:0 a.m. | 62 views

Important: php55

Issue Overview: An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. CVE-2014-3668 An integer overflow flaw was found in the way custom objects wer...

CVSS 7.5 | AI score 10 | EPSS 0.55955
Exploits: 3
ATTACKERKB
added 2014/10/25 12:55 a.m. | 3 views

CVE-2014-2021

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

CVSS 3.5 | AI score 5.7 | EPSS 0.00912
Exploits: 4 | References: 8
ATTACKERKB
added 2014/10/15 2:55 p.m. | 4 views

CVE-2014-2022

SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...

CVSS 7.1 | AI score 6.3 | EPSS 0.00931
Exploits: 4 | References: 6
Check Point Advisories
added 2014/09/22 12:0 a.m. | 5 views

Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service (CVE-2014-5266)

A denial of service vulnerability has been reported in Drupal Core. The vulnerability can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...

CVSS 5 | AI score 2.9 | EPSS 0.76306
Exploits: 3
WPVulnDB
added 2014/08/27 12:0 a.m. | 6 views

WordPress 3.5-3.7.1 - XML-RPC Denial of Service

PoC …...

AI score 6.9
Exploits: 0 | References: 3 | Affected Software: 1
wpexploit
added 2014/08/27 12:0 a.m. | 11 views

WordPress 3.5-3.7.1 - XML-RPC Denial of Service

…...

AI score 7.1
Exploits: 0 | References: 3
Cvelist
added 2014/08/26 2:0 p.m. | 18 views

CVE-2014-5035

The Netconf TCP service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue...

AI score 6.7 | EPSS 0.00777
Exploits: 0 | References: 4
CVE
added 2014/08/26 2:0 p.m. | 43 views

CVE-2014-5035

The CVE-2014-5035 issue affects OpenDaylight 1.0 Netconf (TCP) service. It allows remote attackers to read arbitrary files via an XML External Entity (XXE) in conjunction with an entity reference inside an XML-RPC message, causing information disclosure. Root cause is processing of external entit...

CVSS 6.8 | AI score 6.9 | EPSS 0.00777
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2014/08/18 11:15 a.m. | 7 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

AI score 6.8
Exploits: 0 | References: 8
NVD
added 2014/08/18 11:15 a.m. | 17 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 7 | EPSS 0.07017
Exploits: 0 | References: 6
OSV
added 2014/08/18 11:15 a.m. | 8 views

CVE-2014-5266

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

AI score 6.3
Exploits: 0 | References: 7
NVD
added 2014/08/18 11:15 a.m. | 17 views

CVE-2014-5266

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

CVSS 5 | AI score 6.2 | EPSS 0.76306
Exploits: 3 | References: 7
OSV
added 2014/08/18 11:15 a.m. | 0 views

UBUNTU-CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 5.8 | EPSS 0.07017
Exploits: 0 | References: 7
Prion
added 2014/08/18 11:15 a.m. | 28 views

Design/Logic Flaw

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 6.5 | EPSS 0.07017
Exploits: 0 | References: 6 | Affected Software: 3
UbuntuCve
added 2014/08/18 11:15 a.m. | 33 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 5.9 | EPSS 0.07017
Exploits: 0 | References: 6
UbuntuCve
added 2014/08/18 11:15 a.m. | 52 views

CVE-2014-5266

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

CVSS 5 | AI score 5.9 | EPSS 0.76306
Exploits: 3 | References: 7
Prion
added 2014/08/18 11:15 a.m. | 27 views

Design/Logic Flaw

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

CVSS 5 | AI score 6.6 | EPSS 0.76306
Exploits: 3 | References: 7 | Affected Software: 3
Debian CVE
added 2014/08/18 10:0 a.m. | 32 views

CVE-2014-5266

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

CVSS 5 | AI score 6.1 | EPSS 0.76306
Exploits: 3
CVE
added 2014/08/18 10:0 a.m. | 221 views

CVE-2014-5266

CVE-2014-5266 affects Drupal Core XML-RPC Endpoint xmlrpc.php. The DoS arises from how XML-RPC requests are processed, leading to very high CPU load and memory exhaustion. Affected: Drupal 6.x prior to 6.33 and Drupal 7.x prior to 7.31. Exploitation requires no authentication and is remote. Remed...

CVSS 5 | AI score 6.1 | EPSS 0.76306
Exploits: 3 | References: 7 | Affected Software: 1