EUVD-2017-18034

Malware in sbrugna...

Diving Log 6.0 - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Exploit Title: Diving Log 6.0 XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version...

Diving Log 6.0 - XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

Diving Log 6.0 XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

Diving Log 6.0 - XML External Entity Injection

Diving Log 6.0 - XML External Entity Injection + Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt...

Diving Log dive.xml File Information Disclosure Vulnerability

Diving Log is a dive log management software. The software supports data import, log printing and log sharing. A security vulnerability exists in Diving Log version 6.0. A remote attacker can exploit this vulnerability to view local files with the help of a specially crafted dive.xml file...

Xxe

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...

CVE-2017-9095

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...

CVE-2017-9095

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...

CVE-2017-9095

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import...

CVE-2017-9095

CVE-2017-9095 affects Diving Log 6.0 and is an XML External Entity (XXE) vulnerability in the dive.xml import workflow (Subsurface import). An attacker can disclose local files via a crafted dive.xml file. Public exploit references document an XXE payload and steps to exfiltrate data to a remote ...

PT-2017-18698 · Diving Log · Diving Log

Name of the Vulnerable Software and Affected Versions: Diving Log version 6.0 Description: The issue allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. This is related to an XXE XML External Entity issue. Recommendations: F...