195 matches found

Cvelist
added 2017/09/20 8:0 p.m. · 43 views

CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

AI score: 6.5 · EPSS: 0.0095
Exploits: 1 · References: 3

CNVD
added 2017/08/29 12:0 a.m. · 4 views

Red Hat Satellite Directory Traversal Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A directory traversal vulnerability exists in the XMLRPC interface in Red...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0152
Exploits: 0 · References: 1

rapid7community
added 2017/06/30 7:9 p.m. · 226 views

Metasploit Wrapup

Metasploit Hackathon: We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the...

CVSS: 10 · AI score: 9.7 · EPSS: 0.98975
Exploits: 28

NVD
added 2017/01/23 9:59 p.m. · 19 views

CVE-2016-5742

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 9.8 · AI score: 10 · EPSS: 0.01644
Exploits: 0 · References: 5

Prion
added 2017/01/23 9:59 p.m. · 15 views

SQL injection

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 7.5 · AI score: 9 · EPSS: 0.01644
Exploits: 0 · References: 5 · Affected Software: 2

Cvelist
added 2017/01/23 9:0 p.m. · 22 views

CVE-2016-5742

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

AI score: 10 · EPSS: 0.01644
Exploits: 0 · References: 5

Hacker One
added 2016/06/20 7:16 p.m. · 144 views

Nextcloud: WordPress Vulnerabilities: User Enumeration, Vulnerable Akismet Plugin, XML-RPC Interface available

User Enumeration: It is possible to enumerate four WordPress usernames: jancborchardt, jos, lukasreschke, frank. An attacker can use these usernames to carry out a brute-force attack in order to forcefully authenticate. 2. Akismet Plugin 2.5.0-3.1.4 vulnerable to unauthenticated Stored Cross Site...

AI score: 0.7
Exploits: 0

Positive Technologies
added 2016/04/14 12:0 a.m. · 7 views

PT-2016-3556 · Red Hat · Spacewalk +1

Name of the Vulnerable Software and Affected Versions: Spacewalk and Red Hat Satellite version 5.7. Description: A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details...

CVSS: 6.1 · AI score: 5.6 · EPSS: 0.01578
Exploits: 0 · References: 44

NVD
added 2015/05/14 2:59 p.m. · 31 views

CVE-2014-8162

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.02694
Exploits: 0 · References: 3

CVE
added 2015/05/14 2:0 p.m. · 81 views

CVE-2014-8162

Summary: CVE-2014-8162 describes an XML External Entity (XXE) vulnerability in the RPC interface of Spacewalk and Red Hat Network (RHN) Satellite, affecting version 5.7 and earlier. The issue allows a remote attacker to read arbitrary files and potentially other unspecified impact via unknown vec...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.02694
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2015/05/14 12:0 a.m. · 5 views

PT-2015-4022 · Red Hat · Red Hat Network Satellite +1

Name of the Vulnerable Software and Affected Versions: Red Hat Network Satellite versions 5.7 and earlier; Spacewalk versions 5.7 and earlier. Description: The issue is related to an XML external entity (XXE) in the RPC interface. This allows remote attackers to read arbitrary files and possibly have...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.02694
Exploits: 0 · References: 4

RedHat Linux
added 2015/05/11 5:40 p.m. · 31 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from t...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.02694
Exploits: 0 · References: 2

OpenVAS
added 2015/03/12 12:0 a.m. · 35 views

Debian Security Advisory DSA 3183-1 (movabletype-opensource - security update)

Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184: Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...

CVSS: 7.5 · AI score: 0.6 · EPSS: 0.75029
Exploits: 5 · References: 1

NVD
added 2014/12/16 6:59 p.m. · 23 views

CVE-2014-9057

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 7.5 · AI score: 8.2 · EPSS: 0.01989
Exploits: 0 · References: 4

seebug.org
added 2014/07/01 12:0 a.m. · 30 views

Microsoft Message Queueing Service DNS Name Path Overflow

No description provided by source. $Id: ms07065msmq.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 26 views

Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)

No description provided by source. $Id: ms07029msdnszonename.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 42 views

Microsoft Message Queueing Service Path Overflow

No description provided by source. $Id: ms05017msmq.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/03/05 12:0 a.m. · 178 views

MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) (uncredentialed check)

According to its self-reported version number, the Microsoft DNS Server running on the remote host contains an issue that could allow an attacker to execute arbitrary code with SYSTEM privileges. To exploit this issue, an attacker needs to connect to the DNS server RPC interface and send malforme...

CVSS: 10 · AI score: 8.8 · EPSS: 0.79128
Exploits: 17 · References: 2

Metasploit
added 2013/02/08 8:43 p.m. · 20 views

Titan FTP Administrative Password Disclosure

On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server...

AI score: 0.2
Exploits: 2

Tenable Nessus
added 2012/06/21 12:0 a.m. · 15 views

Rocket U2 UniData < 7.3 unidata72 RPC Interface Call Parsing Arbitrary Command Execution

Binary data unidatacommandexecution.nbin...

AI score: 7.3
Exploits: 0 · References: 1