14 matches found
CVE-2021-44477
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
Xxe
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 is vulnerable to XML External Entity (XXE) processing in DSControlPoint.exe when parsing ControlPointCacheShare.xml in %APPDATA% Pelco, enabling disclosure of arbitrary data on the affected node via an out-of-band (OOB) attack. Root cause is unsanitized i...
NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection Vulnerability
Exploit for xml platform in category web applications Title: NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection File Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: NovaRad Corporation Product web page: https://www.novarad.net Affected version: 8.5.19.75...
CVE-2018-7783
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
Xxe
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2018-7783
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection
Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...
Cimetrics BACnet Explorer 4.0 XXE Vulnerability
Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...
Cimetrics BACnet Explorer 4.0 XXE Injection
Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Desc: BACnetExplorer suffers from an XML External Enti...
CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
Exploit for multiple platform in category web applications CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval Vendor: CyberPower Systems, Inc. Product web page: https://www.cyberpowersystems.com Affected version: 3.1.2 37567 Business Edition Summary: The PowerPanel® Business Editi...
Multiple vendor SOAP server (XML parser) denial of service (DTD parameter entities)
/////////////////////////////////////////////////////////////////////////////// //========================== Security Advisory ==========================// ///////////////////////////////////////////////////////////////////////////////...