ALC WebCTRL XML External Entity Injection Vulnerability
ALC WebCTRL is a building automation control system from Automated Logic Corporation ALC. An XML external entity injection vulnerability exists in ALC WebCTRL. The vulnerability can be exploited to disclose the contents of a file on the underlying web server operating system via the 'X-Wap-Profil...