1091 matches found
162,000 vulnerable WordPress websites abused to perform DDoS Attack
DDoS attacks are a growing issue faced by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call...
CVE-2012-6149
CVE-2012-6149 describes multiple XSS vulnerabilities in Spacewalk/RHN Satellite 5.6 via notes.jsp (subject/content) that allow an authenticated or remote attacker to inject scripts in the notes system.addNote XML-RPC flow. Connected sources identify Spacewalk 5.6 as affected and describe the root...
(spacewalk-java): XSS in system.addNote XML-RPC call due to improper sanitization of note's subject and content
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call...
CVE-2012-0059
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...
CVE-2012-0059
CVE-2012-0059 affects the Spacewalk-backend in Red Hat Network Satellite and Proxy 5.4. A vulnerability in the system-registration XML-RPC error handling causes cleartext RHN user passwords to be included in error messages, exposing credentials via server logs and automated emails. This disclosur...
CVE-2012-0059 Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...
SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities
This module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately...
CVE-2014-0661
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafte...
Memory corruption
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafte...
CVE-2014-0661
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafte...
CVE-2014-0661
CVE-2014-0661 affects the System Status Collection Daemon (SSCD) in Cisco TelePresence System software prior to specific versions (1.10.2(42) for 500-37/1000/1300-65/3xxx; 6.0.4(11) for 500-32/1300-47/TX1310 65/TX9xxx). A crafted XML-RPC message can enable remote command execution or cause ...
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
SQL injection
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
CVE-2013-7149
CVE-2013-7149 describes a SQL injection in Revive Adserver’s XML-RPC delivery script (www/delivery/axmlrpc.php) via the what parameter, affecting Revive Adserver <= 3.0.1 and OpenX Source
VulnCheck KEV: CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
WordPress Jetpack Plugin <= 2.9.2 - Security Bypass
This plugin does not properly restrict access to the XML-RPC service. This allows attackers to bypass intended restrictions and publish posts via unspecified vectors. Solution: Update the plugin...
Amazon Linux AMI : python27 (ALAS-2012-81)
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified...
Oracle Linux 4 : php (ELSA-2007-0349)
From Red Hat Security Advisory 2007:0349: Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly...