94 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2015-0284
CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...
CVE-2015-0284
Cross-site scripting XSS vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...
Moderate: Red Hat Security Advisory: spacewalk-java security update
An update for spacewalk-java is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
Cross site request forgery (csrf)
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
MGASA-2015-0093 Updated dokuwiki packages fix CVE-2015-2172
Updated dokuwiki package fixes security vulnerability: DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC A...
Updated dokuwiki packages fix CVE-2015-2172
Updated dokuwiki package fixes security vulnerability: DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC A...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
Cross site scripting
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...
Sql injection
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...
CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================== Overview -------- date : 10/12/2014 cvss : 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base cwe : 89 vendor : vBulletin Solutions product : vBulletin 4...
vBulletin 5.x / 4.x Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...
Drupal /xmlrpc.php 拒绝服务漏洞 poc
早在2012 年 12 月 17 日一些采用 PHP 的知名博客程序 WordPress被曝光存在严重的漏洞,该漏洞覆盖WordPress 全部已发布的版本(包括WordPress 3.8.1)。该漏洞的 WordPress 扫描工具也在很多论坛和网站发布出来。工具可以利用 WordPress 漏洞来进行扫描,也可以发起DDoS 攻击。经过测试,漏洞影响存在 xmlrpc.php 文件的全部版本。 Pingback 是三种类型的反向链接中的一种,当有人链接或者盗用作者文章时来通知作者的一种方法。可以让作者了解和跟踪文章被链接或被转载的情况。一些全球最受欢迎的 blog 系统比如...