1091 matches found
CVE-2014-5265
The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...
CVE-2014-5265
Technical details for CVE-2014-5265 are not publicly provided in the connected documents. The Initial Description mentions an XML entity expansion denial of service in IXR used by WordPress/Drupal. Monitor vendor advisories for updates.
CVE-2014-5266
The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...
WordPress <= 3.9.1 - Denial Of Service Attacks #1
The Incutio XML-RPC IXR Library, which is used in WordPress 3.9.1, does not limit the number of elements in an XML document. Attackers can therefore cause a denial of service via a large document. Related records:...
WordPress <= 3.9.1 - Denial Of Service Attacks #2
The Incutio XML-RPC IXR Library permits entity declarations without considering recursion during entity expansion. Attackers can therefore cause a denial of service via a crafted XML document containing a large number of nested entity references. Related records:...
Drupal 6.x < 6.33 / 7.x < 7.31 XML-RPC DoS
The remote web server is running a version of Drupal that is 6.x prior to 6.33 or 7.x prior to 7.31. It is, therefore, potentially affected by multiple denial of service vulnerabilities: - The XML-RPC library in Drupal allows entity declarations without considering recursion during entity...
Updated drupal packages fix security vulnerability
A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint. The drupal package has been updated to version 7.31 to fix this issue and other bugs. See the upstream advisory and release notes for more details...
WordPress 3.9.2 /xmlrpc.php Denial of Service Vulnerability PoC
No description provided by source. CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS Author: Nir Goldshlager - Salesforce.com Product Security Team This is a Proof of Concept Exploit, Please use responsibly. #!/usr/bin/env python from __future__ import print_function import threading import time...
SA-CORE-2014-004 - Drupal core - Denial of service
Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to rea...
Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass
The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a class.jetpack.php XML-RPC Access Control Bypass security vulnerability...
WordPress XML-RPC Interface Access Restriction Bypass
...
Wordpress XML-RPC Username/Password Login Scanner
This module attempts to authenticate against a Wordpress-site via XMLRPC using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenVPN Access Server CSRF
XML-RPC interface CSRF...
OpenVPN Warns Customers of CSRF Bug in Access Server Desktop Client
OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the...
Zope 2.x Incorrect XML-RPC Request Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to a request with an error...
PHP XML-RPC Arbitrary Code Execution
No description provided by source. $Id: phpxmlrpceval.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
Oracle VM Server Virtual Server Agent Command Injection
No description provided by source. $Id: oraclevmagentutl.rb 10821 2010-10-25 20:58:49Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
PHP <= 5.3.2 xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38708/info PHP's xmlrpc extension library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML-RPC requests. Exploiting these issues allows remote attackers to cause...
Crysis 1.21/1.5 HTTP/XML-RPC Service Access Violation Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35735/info Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying further...