Ashisuto DataSpider Servista 代码问题漏洞

Ashisuto DataSpider Servista is an enterprise data integration platform from Ashisuto Japan. A code issue vulnerability exists in Ashisuto DataSpider Servista 4.4 and prior versions, which stems from an improperly restricted XML external entity reference that could result in the reading of...

BIT-NIFI-2020-13940

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...

SysAid On-Prem 安全漏洞

SysAid On-Prem is a locally deployed IT Service Management ITSM platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Checkin processing function that could lead to...

PT-2023-27482 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specif...

VulnCheck KEV: CVE-2019-13608

Citrix StoreFront Server contains an XML External Entity XXE processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information...

CVE-2017-17762

XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...