Description
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)
WordPress Plugin Contact Form Widget-Contact Query, Form Maker SQL Injection (1.0.9)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)
WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11)