17 matches found
EUVD-2019-0198
Malware in sbrugna...
EUVD-2024-36633
Malicious code in bioql PyPI...
EUVD-2025-6172
Malicious code in bioql PyPI...
EUVD-2022-42725
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-14720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK...
CVE-2024-37397
An External XML Entity XXE vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
CVE-2022-3338
An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
CVE-2021-45096
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE external XML entity injection via a crafted workflow file .knwf, aka AP-17730...
CVE-2021-20838
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition by processing a specially crafted XML document...
CVE-2018-14720
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possibl...
PT-2019-17091 · Ibm · Daeja Viewone Professional +2
Name of the Vulnerable Software and Affected Versions: IBM Daeja ViewONE Professional, Standard & Virtual versions 5.0.5 through 5.0.6 Description: The issue allows a remote attacker to exploit an XML External Entity Injection XXE attack when processing XML data, potentially exposing sensitive...
Deserialization of untrusted data
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...
Xxe
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...
CVE-2015-0254
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...
Enalean Tuleap 7.2 - XXE File Disclosure
No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...
Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities
Added: 02/24/2014 CVE: CVE-2013-5014 BID: 65466 OSVDB: 103306 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. The SEPM...