6 matches found
Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...
CVE-2015-7817
CVE-2015-7817 affects IBM System Networking Switch Center (SNSC) prior to 7.3.1.5 and Lenovo Switch Center prior to 8.1.2.0. A race condition in the administration-panel web service enables remote attackers to obtain privileged-account access, then feed FileReader.jsp input containing directory t...
HP Release Control 9.20.0000 Build 395 XXE
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This module take advantage of three separate vulnerabilities in order to re...
EMC Connectrix Manager Converged Network Edition inmservlets.war Information Disclosure Vulnerability
This vulnerability allows remote attackers to read arbitrary text files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within one of the pages served as part of the immservlets...
CVE-2013-5490
Cisco Prime Data Center Network Manager (DCNM) before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148...
Xxe
Cisco Prime Data Center Network Manager (DCNM) before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148...