Lucene search
+L

6 matches found

nuclei
nuclei
added 14 hours ago33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
vulncheck_kev
vulncheck_kev
added 2024/09/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-6893

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...

7.5CVSS5.8AI score0.32916EPSS
Exploits3References1
circl
circl
added 2024/08/08 3:1 a.m.15 views

CVE-2024-6893

creationtimestamp| type| source ---|---|--- 2024-08-08 03:01:07+00:00| seen| https://t.me/cvedetector/2738 2024-08-17 22:49:44+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8284 2024-08-18 00:46:55+00:00| published-proof-of-concept|...

7.5CVSS7.1AI score0.32916EPSS
In wildExploits3References6
zdt
zdt
added 2024/08/08 12:0 a.m.255 views

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
packetstorm
packetstorm
added 2024/08/08 12:0 a.m.452 views

Journyx 11.5.4 XML Injection

KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection Title: Journyx Unauthenticated XML External Entities Injection Advisory ID: KL-001-2024-010 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt 1. Vulnerability Detail...

7.5CVSS7.1AI score0.32916EPSS
Exploits3
korelogic
korelogic
added 2024/08/07 12:0 a.m.96 views

Journyx Unauthenticated XML External Entities Injection

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...

7.5CVSS6.7AI score0.32916EPSS
Exploits3Affected Software1
Rows per page
Query Builder