Diving Log 6.0 - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Exploit Title: Diving Log 6.0 XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version...

Diving Log 6.0 - XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

Xxe

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...

CVE-2017-9095

CVE-2017-9095 affects Diving Log 6.0 and is an XML External Entity (XXE) vulnerability in the dive.xml import workflow (Subsurface import). An attacker can disclose local files via a crafted dive.xml file. Public exploit references document an XXE payload and steps to exfiltrate data to a remote ...