
83 matches found

Cvelist
added 2020/02/06 4:22 p.m. | 12 views

CVE-2020-6856

An XML External Entity (XXE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 that allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders...

AI score: 6.4 | EPSS: 0.00425
Exploits: 0 | References: 1
Veracode
added 2019/01/15 8:58 a.m. | 39 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references ...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.00672
Exploits: 0 | References: 14 | Affected Software: 1
Github Security Blog
added 2018/10/19 4:39 p.m. | 23 views

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00682
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2018/10/16 11:13 p.m. | 29 views

Apache Camel's XSLT component allows remote attackers to read arbitrary files

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.28739
Exploits: 2 | References: 14 | Affected Software: 1
Veracode
added 2017/12/01 8:29 a.m. | 16 views

XML External Entity (XXE)

Adobe xmpcore is vulnerable to XML external entity (XXE) attacks. The attacks are possible because it does not properly handle the XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00682
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2016/12/01 11:0 a.m. | 41 views

CVE-2016-3055

IBM FileNet Workplace 4.0.2 is affected by CVE-2016-3055 due to an XML External Entity (XXE) flaw in processing XML data, which could allow remote authenticated users to read arbitrary files or cause a memory-based denial of service. Affected version: FileNet Workplace 4.0.2 (before 4.0.2.14 LA01...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.00548
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2016/09/26 4:59 a.m. | 13 views

Xxe

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference,...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00407
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2016/09/24 1:59 a.m. | 14 views

Xxe

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00431
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2016/09/24 1:0 a.m. | 33 views

CVE-2016-6408

Cisco Prime Home 5.2.0 is affected by CVE-2016-6408, an XML External Entity (XXE) vulnerability in the Web-Based User Interface that could allow an unauthenticated, remote attacker to read arbitrary files via a crafted XML payload. The issue is due to improper handling of external entities when p...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00431
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2016/09/01 11:0 p.m. | 80 views

CVE-2016-4264

CVE-2016-4264 affects Adobe ColdFusion 10 (before Update 21) and 11 (before Update 10). The OOXML feature parser is vulnerable to XML External Entity (XXE) processing via a crafted OOXML spreadsheet containing an external entity declaration and an entity reference, enabling reading of arbitrary f...

CVSS: 8.6 | AI score: 8.2 | EPSS: 0.55384
Exploits: 7 | References: 6 | Affected Software: 1
UbuntuCve
added 2016/08/05 2:59 p.m. | 31 views

CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00264
Exploits: 0 | References: 2
CVE
added 2016/07/17 10:0 p.m. | 32 views

CVE-2016-3039

CVE-2016-3039 affects IBM Traveler 8.x and 9.x prior to 9.0.1.12, where XML data containing an external entity declaration with an entity reference enables XXE. Attackers with remote access and authentication could read arbitrary files or trigger memory exhaustion (DoS). Publicly documented refer...

CVSS: 8.5 | AI score: 7.5 | EPSS: 0.00662
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2016/07/13 2:0 a.m. | 15 views

Xxe

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00682
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2016/04/30 10:59 a.m. | 16 views

CVE-2016-1343

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059...

CVSS: 10 | AI score: 9.3 | EPSS: 0.00593
Exploits: 0 | References: 1
Prion
added 2016/04/30 10:59 a.m. | 11 views

Xxe

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059...

CVSS: 6.4 | AI score: 7.4 | EPSS: 0.00593
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2016/02/29 11:59 a.m. | 24 views

CVE-2016-0245

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0031
Exploits: 0 | References: 2
Prion
added 2016/02/29 11:59 a.m. | 12 views

Xxe

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.0031
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2015/10/30 10:18 a.m. | 32 views

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.02064
Exploits: 1 | References: 2
Cvelist
added 2015/09/28 1:0 a.m. | 19 views

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in...

AI score: 6.9 | EPSS: 0.00126
Exploits: 0 | References: 1
CVE
added 2015/09/28 1:0 a.m. | 49 views

CVE-2015-6463

CVE-2015-6463 concerns CodeWrights HART Comm DTM components used with Endress+Hauser FieldCare. The vulnerability arises from processing a longtag XML schema containing an external entity declaration and an entity reference (XXE), enabling a remote attacker to read arbitrary files, issue HTTP req...

CVSS: 5.8 | AI score: 7.1 | EPSS: 0.00126
Exploits: 0 | References: 1 | Affected Software: 2