3 matches found
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 is affected by an XML External Entity (XXE) injection in the .elx FileType, due to a flaw in the elex.exe handling of crafted ELX files. An attacker can trigger local file disclosure by opening a malicious .elx file, as demonstrated in public writeups. The...
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection...
FsPro Labs Event Log Explorer 4.6.1.2115 XML Injection
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.eventlogxp.com Product Event Log Explorer v4.6.1.2115...