Lucene search
K

4 matches found

Exploit DB
Exploit DB
added 2021/09/22 12:0 a.m.239 views

OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/22 12:0 a.m.164 views

OpenCats 0.9.4-2 XML Injection

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.5CVSS7.6AI score0.23849EPSS
Exploits3
0day.today
0day.today
added 2021/09/22 12:0 a.m.160 views

OpenCats 0.9.4-2 -(docx) XML External Entity Injection Vulnerability

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.5CVSS0.3AI score0.23849EPSS
Exploits3
CVE
CVE
added 2019/07/05 8:26 p.m.390 views

CVE-2019-13358

OpenCats prior to 0.9.4-3 contains an XXE in lib/DocumentToText.php that lets remote attackers read files on the underlying OS. Exploitation requires the attacker to upload a docx or odt document, triggering the entity processing. The issue is associated with OpenCats 0.9.4-3 and earlier, with fi...

7.5CVSS6.3AI score0.23849EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder