Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2024/09/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-6893

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...

7.5CVSS5.8AI score0.32916EPSS
Exploits3References1
Circl
Circl
added 2024/08/08 3:1 a.m.15 views

CVE-2024-6893

creationtimestamp| type| source ---|---|--- 2024-08-08 03:01:07+00:00| seen| https://t.me/cvedetector/2738 2024-08-17 22:49:44+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8284 2024-08-18 00:46:55+00:00| published-proof-of-concept|...

7.5CVSS7.1AI score0.32916EPSS
In wildExploits3References6
0day.today
0day.today
added 2024/08/08 12:0 a.m.253 views

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.451 views

Journyx 11.5.4 XML Injection

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection Title: Journyx Unauthenticated XML External Entities Injection Advisory ID: KL-001-2024-010 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt 1. Vulnerability Detail...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
KoreLogic Security
KoreLogic Security
added 2024/08/07 12:0 a.m.83 views

Journyx Unauthenticated XML External Entities Injection

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...

7.5CVSS6.7AI score0.32916EPSS
Exploits3Affected Software1
Rows per page
Query Builder