Lucene search

19 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-4967

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00125
Exploits 0, References 5

OSV
added 2020/07/27 2:15 p.m., 2 views

CVE-2020-15593

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...

CVSS 7.8, AI score 7.3, EPSS 0.00604
Exploits 1, References 2

Prion
added 2020/07/27 2:15 p.m., 13 views

Code injection

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...

CVSS 7.2, AI score 7.6, EPSS 0.00604
Exploits 1, References 2, Affected Software 1

NVD
added 2020/01/15 7:15 p.m., 19 views

CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

CVSS 7.5, AI score 7.5, EPSS 0.00132
Exploits 0, References 2

NVD
added 2020/01/15 7:15 p.m., 17 views

CVE-2015-1811

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...

CVSS 7.5, AI score 7.3, EPSS 0.00125
Exploits 0, References 2

UbuntuCve
added 2020/01/15 7:15 p.m., 31 views

CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

CVSS 7.5, AI score 7.2, EPSS 0.00132
Exploits 0, References 2

Prion
added 2020/01/15 7:15 p.m., 19 views

Xxe

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...

CVSS 5, AI score 6.9, EPSS 0.00125
Exploits 0, References 2, Affected Software 1

UbuntuCve
added 2020/01/15 7:15 p.m., 33 views

CVE-2015-1811

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...

CVSS 7.5, AI score 7.2, EPSS 0.00125
Exploits 0, References 2

Cvelist
added 2020/01/15 6:5 p.m., 21 views

CVE-2015-1811

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...

AI score 7.2, EPSS 0.00125
Exploits 0, References 2

CVE
added 2020/01/15 6:5 p.m., 80 views

CVE-2015-1809

CVE-2015-1809 describes an XML External Entity (XXE) vulnerability in CloudBees Jenkins prior to 1.600 and in LTS releases prior to 1.596.1. The vulnerability arises from Jenkins' XPath/XML handling, allowing a remote attacker with read access to read arbitrary XML files on the Jenkins server. Af...

CVSS 7.5, AI score 7.3, EPSS 0.00132
Exploits 0, References 2, Affected Software 1

RedHat Linux
added 2015/09/30 4:35 p.m., 2 views

jenkins: external entity injection via XPath (SECURITY-165)

It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server...

CVSS 7.5, AI score 5.9, EPSS 0.00132
Exploits 0, References 5

Prion
added 2014/07/02 10:35 a.m., 16 views

Path traversal

Absolute path traversal vulnerability in pkgedit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter...

CVSS 5, AI score 7.1, EPSS 0.0008
Exploits 0, References 1, Affected Software 1

Zero Day Initiative
added 2014/04/17 12:0 a.m., 19 views

CA ERwin Web Portal MIMM ConfigServiceProvider Information Disclosure Vulnerability

This vulnerability allows remote attackers to read database credentials on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...

CVSS 9, AI score 7.1, EPSS 0.11882
Exploits 1, References 1

Cvelist
added 2013/03/19 6:0 p.m., 13 views

CVE-2013-0505

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...

AI score 6.4, EPSS 0.00173
Exploits 0, References 3

Prion
added 2012/08/24 10:36 a.m., 18 views

Design/Logic Flaw

Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors...

CVSS 3.5, AI score 6.4, EPSS 0.0014
Exploits 0, References 2, Affected Software 1

Prion
added 2009/03/09 9:30 p.m., 16 views

Design/Logic Flaw

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...

CVSS 5, AI score 7, EPSS 0.00705
Exploits 0, References 9, Affected Software 1

NVD
added 2006/09/06 12:4 a.m., 14 views

CVE-2006-4550

Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check...

CVSS 5, AI score 6.8, EPSS 0.00259
Exploits 0, References 3

Cvelist
added 2006/09/06 12:0 a.m., 17 views

CVE-2006-4550

Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check...

AI score 6.8, EPSS 0.00259
Exploits 0, References 3

Cvelist
added 2006/01/18 11:0 a.m., 17 views

CVE-2006-0275

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...

AI score 9.1, EPSS 0.02609
Exploits 0, References 11