
57 matches found

NVD
added 2023/10/30 11:15 p.m. · 10 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

9.8 CVSS · 9.4 AI score · 0.00423 EPSS
Exploits: 0 · References: 2
OSV
added 2023/10/30 11:15 p.m. · 14 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

9.8 CVSS · 7.3 AI score
Exploits: 0 · References: 2
Prion
added 2023/10/30 11:15 p.m. · 10 views

Server side request forgery (ssrf)

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

7.5 CVSS · 9.3 AI score · 0.00423 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/10/30 12:0 a.m. · 10 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

9.7 AI score · 0.00423 EPSS
Exploits: 0 · References: 2
CVE
added 2023/10/30 12:0 a.m. · 48 views

CVE-2023-46502

OpenCRX is affected by CVE-2023-46502 in v5.2.2, where an insecure DocumentBuilderFactory enables a remote attacker to read internal files and perform server-side request forgery. The issue is tied to the XML processing path and leads to high-impact confidentiality, integrity, and availability co...

9.8 CVSS · 9.3 AI score · 0.00423 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/10/30 12:0 a.m. · 2 views

PT-2023-30061 · Opencrx · Opencrx

Name of the Vulnerable Software and Affected Versions: openCRX version 5.2.2
Description: An issue in openCRX allows a remote attacker to read internal files and execute server side request forgery attacks via insecure DocumentBuilderFactory. Additionally, it is possible for a remote attacker to...

9.8 CVSS · 8.2 AI score · 0.00423 EPSS
Exploits: 0 · References: 8
Vulnrichment
added 2023/10/30 12:0 a.m. · 7 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

7 AI score · 0.00423 EPSS
Exploits: 0 · References: 2
OSV
added 2023/08/31 9:47 p.m. · 26 views

GHSA-WC9J-GC65-3CM7 DDFFileParser is vulnerable to XXE Attacks

Impact: DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks Processing. DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files e.g. if they let external users provide their own model...

6.5 CVSS · 7.6 AI score · 0.00137 EPSS
Exploits: 0 · References: 7
GitHub Security Blog
added 2023/08/31 9:47 p.m. · 17 views

DDFFileParser is vulnerable to XXE Attacks

Impact: DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks Processing. DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files e.g. if they let external users provide their own model...

9.8 CVSS · 6.6 AI score · 0.00137 EPSS
Exploits: 0 · References: 7 · Affected Software: 1
CNNVD
added 2022/12/28 12:0 a.m. · 1 views

Dragonfly Code Issue Vulnerability

Dragonfly is a framework that allows dynamic processing of any content type. A code issue vulnerability exists in Dragonfly version v0.3.0-SNAPSHOT, which stems from the fact that it is not configured with DocumentBuilderFactory allowing an attacker to implement XML external entity attacks...

7.5 CVSS · 7.5 AI score · 0.00279 EPSS
Exploits: 0 · References: 3
Veracode
added 2022/01/21 5:56 a.m. · 16 views

XML External Entity (XXE)

jadx-core is vulnerable to xml external entity attacks. The vulnerability exists in the parseXml function of ExportGradleProject.java as it does not set disallow-doctype-decl attribute in the DocumentBuilderFactory, allowing an attacker to export a malicious android application with a crafted...

5.5 CVSS · 6.1 AI score · 0.00502 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2021/04/22 2:15 p.m. · 8 views

CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

6.5 CVSS · 0.00276 EPSS
Exploits: 1 · References: 3
OSV
added 2021/04/22 2:15 p.m. · 8 views

CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

6.5 CVSS · 6.8 AI score
Exploits: 0 · References: 3
Prion
added 2021/04/22 2:15 p.m. · 9 views

Design/Logic Flaw

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

4 CVSS · 6.5 AI score · 0.00276 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2021/04/22 1:14 p.m. · 11 views

CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

6.7 AI score · 0.00276 EPSS
Exploits: 1 · References: 3
Veracode
added 2019/05/02 4:56 a.m. · 16 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists through an improper check for code permissions when creating DocumentBuilderFactory instances...

5 CVSS · 5.5 AI score · 0.01578 EPSS
Exploits: 0 · References: 35 · Affected Software: 3
Veracode
added 2018/07/05 3:11 a.m. · 15 views

XML External Entity (XXE)

Apache Solr is vulnerable to XML External Entity (XXE) attacks. The library uses an insecure DocumentBuilderFactory class to parse the currency.xml and enumsConfig.xml files. This can allow a malicious user with access to these files to conduct an XXE attack to reveal sensitive information...

5.5 CVSS · 5.5 AI score · 0.04341 EPSS
Exploits: 1 · References: 5 · Affected Software: 2
The Hacker News
added 2017/12/06 12:54 a.m. · 14 views

Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...

8.5 AI score
Exploits: 0
Exploit DB
added 2017/10/17 12:0 a.m. · 102 views

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution

First Vulnerability: XML External Entity Expansion (deftype=xmlparser). Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

7.4 AI score
Exploits: 0
Veracode
added 2017/10/05 8:26 a.m. · 6 views

XML External Entity Injection (XXE)

Apache axis2-idea-plugin is vulnerable to XML external entity injection (XXE) attacks. Attackers can inject entities through the Service XML Edit Page because the DocumentBuilderFactory allows it...

7.1 AI score
Exploits: 0