CVE-2026-32777

A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition DTD content. This could lead to an infinite loop during parsing, resulting in a Denial of Service DoS for the application using libexpat...

VulnCheck KEV: CVE-2017-17762

XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...

EUVD-2014-3027

Malware in sbrugna...

EUVD-2016-5020

Malware in sbrugna...

EUVD-2018-1309

Malware in sbrugna...

EUVD-2004-2236

Malware in sbrugna...

Medium: xmlrpc

Issue Overview: XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD. CVE-2016-5002 Affected Packages: xmlrpc Note: This advisory is...

Apache XML-RPC XXE Vulnerability

XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD...

GHSA-V8Q2-94F6-6XQ2 Improper Input Validation in Apache CXF

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send...

in alovoa/alovoa

✍️ Description Affected versions of this package are vulnerable to XML External Entity XXE Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. 🕵️‍♂️ Proof of Concept org.springframework.security spring-security-oauth2-client...

CVE-2020-7032

An XML external entity XXE vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2...

Server side request forgery (ssrf)

An XML external entity XXE vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2...

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVE-2020-8540

An XML external entity XXE vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVE-2018-20687

An XML external entity XXE vulnerability in CommandCenterWebServices/.?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

Server side request forgery (ssrf)

An XML external entity XXE vulnerability in CommandCenterWebServices/.?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVE-2019-7442

An XML external entity XXE vulnerability in the Password Vault Web Access PVWA of CyberArk Enterprise Password Vault =10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system...

xmlrpc: XML external entity vulnerability SSRF via a crafted DTD

XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD...

CVE-2017-17762

XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...