29 matches found
DSpace 7.x / 8.x XMLUI Data Extraction
This Python script sends an HTTP request to a DSpace XMLUI "discover" endpoint using specific query parameters and session cookies. It attempts to retrieve up to 100 records in XML format and saves the response locally as a raw XML dump file. After downloading the data, it performs a basic text...
CVE-2023-25914
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
EUVD-2025-199000
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
EUVD-2015-2359
Malware in sbrugna...
EUVD-2018-15603
Malware in sbrugna...
EUVD-2023-29802
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. CVE-2020-28035 Note that Nessus relies on the presence of the package as reported by the...
CVE-2023-25914
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
CVE-2023-25914
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
Input validation
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface...
CVE-2023-25914
CVE-2023-25914 describes a path-traversal flaw in the Danfoss AK-SM800A system manager. Authenticated attackers could read arbitrary server files via the product’s XML interface, potentially enabling full system compromise. Affected versions cited include 3.3 and earlier in multiple feeds; root c...
CVE-2023-25914 Authneticated Path Traversal in Danfoss AK-SM800A
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
CVE-2023-25914 Authneticated Path Traversal in Danfoss AK-SM800A
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
Danfoss AK-SM800A 路径遍历漏洞
Danfoss AK-SM800A is a system manager from Danfoss, Denmark. Provides secure system control and monitoring A path traversal vulnerability exists in Danfoss AK-SM800A 3.3 and earlier versions, which stems from an improper restriction, and can be exploited by an attacker to retrieve and read system...
FortiNAC - argument injection in XML interface on port tcp/5555
An improper neutralization of special elements used in a command 'command injection' vulnerability CWE-77 in FortiNAC tcp/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields. To access the...
Palo Alto Networks PAN-OS 操作系统命令注入漏洞
A security vulnerability exists in Palo Alto Networks PAN-OS, an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. This allows an authenticated administrator with access to the XML API to execute arbitrary operating system commands to elevate privileges. No detai...
PYSEC-2021-373
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...
CVE-2019-5186
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is...
CVE-2019-2781
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: XML Interface. Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromi...
CVE-2019-2781
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: XML Interface. Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromi...