1091 matches found

seebug.org
added 2014/07/01 12:0 a.m., 26 views

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

xmlrpc.php Library <= 1.3.0 - Remote Command Execute Exploit (3)

No description provided by source. !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent;...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17645/info Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses th...

AI score: 7.1
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m., 66 views

[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability

------------------------------------------------------------------------- Dotclear = 2.6.2 XML-RPC Interface Authentication Bypass Vulnerability ------------------------------------------------------------------------- - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...

CVSS: 5.8, AI score: 0.4, EPSS: 0.00447
Exploits: 3

NVD
added 2014/06/11 2:55 p.m., 13 views

CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...

CVSS: 5.8, AI score: 7, EPSS: 0.00447
Exploits: 3, References: 5

UbuntuCve
added 2014/06/11 2:55 p.m., 29 views

CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00447
Exploits: 3, References: 1

Prion
added 2014/06/11 2:55 p.m., 13 views

Authentication flaw

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...

CVSS: 5.8, AI score: 7.5, EPSS: 0.00447
Exploits: 3, References: 5, Affected Software: 1

CVE
added 2014/06/11 2:0 p.m., 45 views

CVE-2014-3781

CVE-2014-3781 describes an authentication bypass in Dotclear prior to 2.6.3 due to the dcXmlRpc::setUser method: if a user is attempting XML-RPC login with an empty password, the checkUser() path can be bypassed, allowing remote authentication bypass when the XML-RPC interface is enabled. Affecte...

CVSS: 5.8, AI score: 7.1, EPSS: 0.00447
Exploits: 3, References: 5, Affected Software: 1

Cvelist
added 2014/06/11 2:0 p.m., 20 views

CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request...

AI score: 7, EPSS: 0.00447
Exploits: 3, References: 5

Check Point Advisories
added 2014/06/05 12:0 a.m., 8 views

Symantec Workspace Streaming XML-RPC Arbitrary File Upload (CVE-2014-1649)

An arbitrary file upload vulnerability exists in Symantec Workspace. The vulnerability is due to lack of access control validation in the functionality used to process XMLRPC requests. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted XML-RPC reques...

AI score: 4.4, EPSS: 0.40163
Exploits: 4

0day.today
added 2014/05/25 12:0 a.m., 44 views

Dotclear 2.6.2 Multiple Vulnerability

Dotclear versions 2.6.2 and below suffer from a remote SQL injection, remote shell upload Dotclear 2.6.2 SQL Injection Vulnerability - Affected Versions: Version 2.6.2 and probably prior versions. - Vulnerability Description: The vulnerable code is located in /admin/categories.php: 70. Update ord...

CVSS: 6, AI score: 0.3, EPSS: 0.00829
Exploits: 5

Packet Storm
added 2014/05/22 12:0 a.m., 48 views

Dotclear 2.6.2 Authentication Bypass

------------------------------------------------------------------------- Dotclear core-auth-userID == $userid 267. return true; 268. 269. 270. if $this-core-auth-checkUser$userid,$pwd !== true 271. throw new Exception'Login error'; 272. 273. 274. return true; The vulnerability exists because of...

CVSS: 5.8, AI score: 0.5, EPSS: 0.00447
Exploits: 3

Tenable Nessus
added 2014/04/23 12:0 a.m., 218 views

Jetpack Plugin for WordPress Security Bypass

The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...

CVSS: 5.8, AI score: 5.6, EPSS: 0.00669
Exploits: 1, References: 3

Prion
added 2014/04/22 1:6 p.m., 15 views

Information disclosure

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to...

CVSS: 5.8, AI score: 7.3, EPSS: 0.00669
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2014/04/21 2:0 p.m., 15 views

CVE-2014-0173

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to...

AI score: 6.8, EPSS: 0.00669
Exploits: 1, References: 4

CVE
added 2014/04/21 2:0 p.m., 107 views

CVE-2014-0173

The CVE-2014-0173 issue concerns the WordPress Jetpack plugin: multiple historical versions (up to 2.9.x before 2.9.3, and older branches) fail to properly restrict access to the XML-RPC service, allowing remote attackers to bypass access controls and publish posts via unspecified vectors. The ro...

CVSS: 5.8, AI score: 6.9, EPSS: 0.00669
Exploits: 1, References: 4, Affected Software: 1

seebug.org
added 2014/04/17 12:0 a.m., 62 views

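WordPress Jetpack Plugin Security Bypass Vulnerability

Bugtraq ID: 66789 CVE ID: CVE-2014-0173 WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. The WordPress Jetpack plugin does not correctly validate authorization when accessing the XML-RPC service, allowing attackers to exploit the vulnerability to perform restricted operations. 0 WordPress Jetpack Plugin 2.x The vulnerability is fixed in WordPress Jetpack Plugin version 2.9.3; users are advised to download and use it: http://wordpress.org/plugins/jetpack/...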

CVSS: 5.8, AI score: 0.9, EPSS: 0.00669
Exploits: 1

myhack58
added 2014/04/11 12:0 a.m., 33 views

WordPress XML-RPC PingBack vulnerability analysis-vulnerability warning-the black bar safety net

A recent article outlines how the WordPress XML-RPC pingback function is used in DDoS attacks. This article analyzes the attack and gives site administrators information to protect their websites. This is not a new vulnerability WordPre...

AI score: 0.1
Exploits: 0

myhack58
added 2014/04/09 12:0 a.m., 30 views

WordPress XML-RPC PingBack vulnerability analysis-vulnerability warning-the black bar safety net

This is not a new vulnerability. The WordPress XML-RPC API is not newly launched. The following is WordPress bug data from seven years ago. Although the vulnerability is not new, the attack code/tools appeared only in roughly the last two years. Tools for script kiddies...

AI score: 0.2
Exploits: 0

ThreatPost
added 2014/03/12 4:13 p.m., 26 views

162,000 WordPress Sites Used in DDoS Attack

More than 162,000 “popular and clean” WordPress sites were recently used in a large-scale distributed denial of service (DDoS) attack that exploited the content management system’s pingback feature. While the WordPress team is aware of the issue it’s not expected to be patched as it’s a default...

AI score: 7.1
Exploits: 0, References: 4