
1907 matches found

CNVD
added 2015/01/14 12:0 a.m. | 3 views

odata4j XML External Entity Injection Vulnerability

odata4j is a new open source toolkit. An external entity injection vulnerability exists in odata4j XML, which can be exploited by attackers to obtain sensitive information...

5 CVSS | 7.2 AI score | 0.0211 EPSS
Exploits 1 | References 1
seebug.org
added 2015/01/14 12:0 a.m. | 18 views

mcms v3.1.0 SQL injection + arbitrary file read.

Brief description: As per the title. Packaged. Detailed description: app/weixin/notify.php $wx=new weixin; if$wx-checksignature // used to change the notification address ifisset$GET"echostr" die$GET"echostr"; // passively respond to messages and events responsemsg; function responsemsg global $dbm,$C; $postStr = $GLOBALS"HTTPRAWPOSTDATA"; if!empty$postStr $postObj = simplexmlloadstring$postStr,...

7.1 AI score
Exploits 0
CNVD
added 2015/01/07 12:0 a.m. | 1 views

McAfee ePolicy Orchestrator 'conditionXML' Parameter XML External Entity Injection Vulnerability

McAfee ePolicy Orchestrator (ePO) is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. An XML external entity injection vulnerability exists in the McAfee ePolicy Orchestrator 'conditionXML'...

7.2 AI score
Exploits 0 | References 1
0day.today
added 2014/12/23 12:0 a.m. | 45 views

NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3 CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216, CVE-2014-5217 impact: High homepage: https://www.netiq.com/ found: 2014-10-29 by: W. Ettlinger...

4.3 CVSS | 6.5 AI score | 0.03236 EPSS
Exploits 8
OpenVAS
added 2014/12/19 12:0 a.m. | 29 views

NetIQ Access Manager < 4.0 SP1 Hot Fix 3 Multiple Vulnerabilities - Active Check

NetIQ Access Manager suffers from cross-site request forgery (CSRF), XML external entity (XXE) injection, information disclosure, and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are...

4.3 CVSS | 5.9 AI score | 0.03236 EPSS
Exploits 7 | References 5
Japan Vulnerability Notes
added 2014/11/14 12:0 a.m. | 79 views

JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection

Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability (CWE-611). Impact: When an application uses a function to convert DOM data (DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter) and a specially...

5 CVSS | 6.6 AI score | 0.02318 EPSS
Exploits 0
seebug.org
added 2014/11/13 12:0 a.m. | 57 views

Enalean Tuleap 7.2 - XXE File Disclosure

No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...

4 CVSS | 6.5 AI score | 0.03324 EPSS
Exploits 6
Tenable Nessus
added 2014/11/10 12:0 a.m. | 36 views

Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)

The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is 12.1 prior to 12.1 RU5. It is, therefore, affected by the following vulnerabilities: - An XML external entity (XXE) injection vulnerability due to improper validation of XML external entities. A remote attacke...

7.5 CVSS | 5.8 AI score | 0.08541 EPSS
Exploits 9 | References 4
Symantec
added 2014/11/05 8:0 a.m. | 30 views

Symantec Endpoint Protection Manager Multiple Issues

SUMMARY The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to multiple vulnerabilities including XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. AFFECTED PRODUCTS Product | Version | Build |...

7.5 CVSS | 0.2 AI score | 0.08541 EPSS
Exploits 9 | Affected Software 1
OpenVAS
added 2014/11/03 12:0 a.m. | 29 views

Scalix Web Access <= 11.4.6.12377, 12.x <= 12.2.0.14697 XXE and XSS Vulnerability

Scalix Web Access is prone to an XML external entity (XXE) injection and to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

6.4 CVSS | 5.9 AI score | 0.01419 EPSS
Exploits 0 | References 2
Packet Storm
added 2014/10/30 12:0 a.m. | 53 views

F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2

Vulnerability title: XML External Entity Injection in F5 Networks Big-IP CVE: CVE-2014-6033 Vendor: F5 Networks Product: Big-IP Affected version: 11.3.0.39.0 Fixed version: N/A Reported by: Oliver Gruskovnjak Details: F5 Networks Big-IP is vulnerable to an XML External Entity injection attack. Th...

0.3 AI score
Exploits 2
Packet Storm
added 2014/10/28 12:0 a.m. | 53 views

Tuleap 7.2 XXE Injection

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

4 CVSS | 6.6 AI score | 0.03324 EPSS
Exploits 6
Exploit DB
added 2014/10/28 12:0 a.m. | 60 views

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

4 CVSS | 6.6 AI score | 0.03324 EPSS
Exploits 6
F5 Networks
added 2014/09/17 12:0 a.m. | 84 views

SOL15605 - XML Entity Injection vulnerabilities CVE-2014-6032 and CVE-2014-6033

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5.5 CVSS | 2.4 AI score | 0.02896 EPSS
Exploits 3 | References 6
Silent Robot Systems
added 2014/09/03 4:0 a.m. | 15 views

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTE...

6.9 AI score
Exploits 0
Zero Day Initiative
added 2014/07/16 12:0 a.m. | 36 views

Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML...

8.5 CVSS | 7.1 AI score | 0.02626 EPSS
Exploits 0 | References 1
Snyk
added 2014/04/08 1:34 p.m. | 2 views

XML External Entity (XXE) Injection

Overview: Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the sitemap reader. Details: XXE Injection is a type of attack...

7.3 CVSS | 7.4 AI score
Exploits 0 | References 2
seebug.org
added 2014/04/04 12:0 a.m. | 20 views

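EMC Cloud Tiering Appliance (CTA) XML External Entity Injection Vulnerability

Bugtraq ID:66547 EMC Cloud Tiering Appliance helps storage administrators manage file-level unstructured data simply and effectively. EMC Cloud Tiering Appliance has an input validation flaw when parsing XML data that can lead to an XML injection vulnerability, allowing an attacker to submit a specially crafted POST request and obtain sensitive information. 0 EMC Cloud Tiering Appliance CTA 10.0 No detailed solution is currently available: http://china.emc.com/archiving/cloud-tiering-appliance.htm POST /api/login HTTP/1.1 Host:...

7.1 AI score
Exploits 0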
Tenable Nessus
added 2014/02/27 12:0 a.m. | 25 views

McAfee ePolicy Orchestrator < 4.6.7 HF940148 XML Entity Injection (SB10065)

The remote Windows host is running a version of McAfee ePolicy Orchestrator (ePO) prior to 4.6.7 hotfix 940148. It is, therefore, affected by an XML entity injection vulnerability due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker with permission to add new...

6.3 CVSS | 5.9 AI score | 0.02003 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2014/02/17 12:0 a.m. | 48 views

Symantec Endpoint Protection Manager < 11.0 RU7-MP4a / 12.1 RU4a Multiple Vulnerabilities (SYM14-004)

The version of Symantec Endpoint Protection Manager (SEPM) running on the remote host is either 11.x prior to 11.0 RU7-MP4a or 12.x prior to 12.1 RU4a. It is, therefore, affected by multiple vulnerabilities: - SEPM is affected by an XML external entity injection vulnerability due to a failure to...

7.5 CVSS | 6.2 AI score | 0.67573 EPSS
Exploits 18 | References 4