7 matches found
EUVD-2023-59775
Malicious code in bioql PyPI...
CVE-2023-7307
Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...
Sangfor Behavior Management System 安全漏洞
Sangfor Behavior Management System is a behavior management software from China-based Sangfor. A security vulnerability exists in the Sangfor Behavior Management System that stems from an improperly configured XML parser, which could lead to internal file disclosure or server-side request forgery...
CVE-2020-26831
SAP BusinessObjects BI Platform Crystal Report, versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...
DEBIAN-CVE-2021-3902
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...
Server side request forgery (ssrf)
SAP BusinessObjects BI Platform Crystal Report, versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...