7 matches found
Journyx - XML External Entities Injection (XXE)
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...
PT-2025-46664
Name of the Vulnerable Software and Affected Versions: N-central versions prior to 2025.4. Description: N-central versions prior to 2025.4 are susceptible to an XML External Entities injection that could lead to information disclosure. This issue allows for the potential exposure of sensitive data...
PT-2013-59: XML External Entities Injection in Huawei M2000
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Huawei M2000. An XML document may contain a Document Type Definition that, among other features, allows the definition of external entities. A malicious user may perform attacks aimed...
PT-2013-21: XML External Entities Injection in Oracle Database
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Database. If an attacker sends a specially crafted SQL query containing malformed XML to Oracle Database server, the server will automatically send the contents of remote resourc...
PT-2013-15: XML External Entities Injection in vBulletin 5 Connect
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in vBulletin 5 Connect. The vulnerability was detected in "appendersocketserver.php" of the Apache log4php library used by vBulletin. PHP's built-in SoapClient class allows the use of...
PT-2013-11: XML External Entities Injection in Oracle Siebel CRM
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Siebel CRM. The vulnerability is possible during the import of XML files in CRM Siebel. An attacker is able to read an arbitrary file on the target system. How to fix: Update your...
PT-2013-13: XML External Entities Injection in SAP NetWeaver
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in SAP NetWeaver. The vulnerability was detected in the "Live Update" webdynpro application of SAP NetWeaver. The "Live Update" application located at...