3 matches found
Tucows (VDP): Vulnerability: XML-RPC Interface Enabled and Accessible
Summary: The website ███ has the XML-RPC interface enabled, which exposes several methods including pingback.ping and system.multicall. These methods can be abused by attackers to perform high volume denial of service (DDoS) attacks and brute force amplification attacks which can severely impact the...
Nextcloud: WordPress Vulnerabilities: User Enumeration, Vulnerable Akismet Plugin, XML-RPC Interface available
User Enumeration: It is possible to enumerate four WordPress usernames: jancborchardt, jos, lukasreschke, frank. An attacker can use these usernames to carry out a brute-force attack in order to forcefully authenticate. 2. Akismet Plugin 2.5.0-3.1.4 vulnerable to unauthenticated Stored Cross Site...
Uber: Brute Force Amplification Attack
The websites on the following hosts - newsroom.uber.com - eng.uber.com - brand.uber.com are vulnerable to a WordPress Brute Force Amplification Attack, where an attacker can try a large number of WordPress username and password login combinations in a single HTTP request. More at...