Lucene search
K

1089 matches found

OSV
OSV
added 2005/07/05 4:0 a.m.7 views

CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

8.1AI score
Exploits0References5
0day.today
0day.today
added 2005/07/04 12:0 a.m.140 views

xmlrpc.php Library <= 1.3.0 Remote Command Execute Exploit (2)

Exploit for unknown platform in category web applications ============================================================== xmlrpc.php Library / | | | || \ || | | | / /\ | \ || | / | | | ||/ || | || / \ | || || | / | | | || \ || | | / / \ \ | || || | / | | ||| || | | / |/ | || || | | | | || /| |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2005/07/04 12:0 a.m.12 views

xmlrpc.php Library &lt;= 1.3.0 Remote Command Execute Exploit (2)

No description provided by source. ------------------------------------------------------- /| | | | | /\ | | / \ \ / / |\ | | / /\ \ \ | | / | | | || \ || | | | / /\ | \ || | / | | | ||/ || | || / \ | || || | / | | | || \ || | | / / \ \ | || || | / | | ||| || | | / |/ | || || | | | | || /| |...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2005/07/01 4:0 a.m.28 views

CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

8.1AI score0.0932EPSS
Exploits1References3
CVE
CVE
added 2005/07/01 4:0 a.m.55 views

CVE-2005-2113

XOOPS &lt;= 2.0.11 is affected by an SQL injection in the XMLRPC loginUser function that lets remote attackers execute arbitrary SQL and bypass authentication via crafted XML (e.g., blogger.getPost). The issue is documented as CVE-2005-2113; severity is HIGH (CVSS v2: AV:N/AC:L/Au:N/C:P/I:P/A:P)....

7.5CVSS8.6AI score0.01247EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2005/07/01 4:0 a.m.87 views

CVE-2005-2108

CVE-2005-2108 affects WordPress 1.5.1.2 and earlier, with an SQL injection in the XMLRPC server. The vulnerability arises because input is not filtered in the HTTP_RAW_POST_DATA variable that stores XML data, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSSv...

7.5CVSS8.1AI score0.0932EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/07/01 4:0 a.m.28 views

CVE-2005-2113

SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method...

8.6AI score0.01247EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2005/07/01 4:0 a.m.32 views

CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

7.5CVSS7.4AI score0.0932EPSS
Exploits1
securityvulns
securityvulns
added 2005/07/01 12:0 a.m.48 views

Advisory 02/2005: Remote code execution in Serendipity

Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Remote code execution in Serendipity Release Date: 2005/06/29 Last Modified: 2005/06/29 Author: Christopher Kunz [email protected] Application: Serendipity = 0.8.2 Severity: Arbitrary remote code execution...

7.5CVSS0.7AI score0.79071EPSS
Exploits5
Patchstack
Patchstack
added 2005/07/01 12:0 a.m.28 views

WordPress <= 1.5.1.2 - SQL injection

Because of this vulnerability in XMLRPC server, attackers can execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file. Solution Update the WordPress to the latest available version at least 1.5.1.3...

7.5CVSS6.6AI score0.0932EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2005/07/01 12:0 a.m.40 views

wpcmdexec.pl.txt

!/usr/bin/perl -w Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a password hash & use that hash to execute shell...

Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/01 12:0 a.m.53 views

WordPress < 1.5.1.3 XMLRPC SQL Injection

The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks that could lead to...

7.5CVSS5.8AI score0.0932EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/07/01 12:0 a.m.36 views

Mandrake Linux Security Advisory : php-pear (MDKSA-2005:109)

A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation. Mandriva ships with the PEAR XMLRPC implementation and it has been...

7.5CVSS5.8AI score0.79071EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2005/06/30 12:0 a.m.14 views

Xoops < 2.0.12 Multiple XSS / SQL Injection

Binary data 3041.prm...

7.5CVSS7.3AI score0.0174EPSS
Exploits3References4
exploitpack
exploitpack
added 2005/06/30 12:0 a.m.29 views

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML R...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/06/30 12:0 a.m.26 views

XOOPS 2.0.11 && Earlier Multiple Vulnerabilities

GulfTech Security Research June 28th, 2005 Vendor : XOOPS URL : http://www.xoops.org/ Version : XOOPS 2.0.11 And Earlier Risk : Multiple Vulnerabilities Description: XOOPS is a very popular dynamic web content management system written in Object Oriented PHP. One of the features of XOOPS is it's...

8.4AI score
Exploits0
seebug.org
seebug.org
added 2005/06/30 12:0 a.m.33 views

Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/06/30 12:0 a.m.73 views

Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== Wordpress wp.pl http://pathto/wp admin 1 "id;uname -a;pwd;uptime" Trying Host http://pathto/wp ... + The XMLRPC server seems to be working + Char 1 is 2 + Char 2 is 1 + Cha...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/06/30 12:0 a.m.61 views

WordPress Core 1.5.1.2 - &#039;xmlrpc&#039; Interface SQL Injection

!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2005/06/29 6:16 p.m.46 views

USN-146-1: Ruby vulnerability

Nobuhiro IMAI discovered that the changed default value of the Modulepublicinstancemethods method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server...

7.5CVSS7.5AI score0.06565EPSS
Exploits0
Rows per page
Query Builder