161 matches found
XML External Entity (XXE) Injection
weixin-python is vulnerable to XML External Entity XXE Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because xml entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...
XML External Entity (XXE) Injection
aXMLRPC is vulnerable to XML external entity attacks. The vulnerability exists because the library does not properly validate the XML documents submitted by the users via the parse function of ResponseParser.java, allowing an attacker to inject malicious XML documents to perform requests on behal...
CVE-2020-23585
A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...
CVE-2020-23585
A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...
CVE-2022-27805
An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability...
Abode Iota 访问控制错误漏洞
Abode Iota is a reliable Diy home security system from Abode. An Access Control Error vulnerability exists in Abode Iota versions 6.9X and 6.9Z, which stems from an authentication bypass in the GHOME control function, and can be exploited by an attacker to send a malicious XML payload to execute...
IBM MQ 代码问题漏洞
IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from an attacker being able to transfer malicious XML data to IBM MQ via the Explore...
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file...
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...
CVE-2020-13965
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview...
XML External Entity (XXE)
detekt-core is vulnerable to XML external entity attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation which allows an attacker to submit a malicious XML document...
FANUC ROBOGUIDE XML External Entity Injection Vulnerability
FANUC ROBOGUIDE is a robot simulation software from FANUC Japan. FANUC ROBOGUIDE v9.40083.00.05 and earlier versions exist XML external entity injection vulnerability, which originates from the lack of application restrictions on external entities. An attacker could exploit this vulnerability to...
XML External Entity (XXE) Injection
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document is vulnerable to XML external entity XXE injection attacks. A remote attacker is able to inject malicious XML input via a weakly configured XML parser in the preprocess function...
PT-2022-11968 · Fanuc · Roboguide
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a network-based attack where threat actors supply a crafted, malicious XML payload. This payload is designed to trigger an external...
CVE-2022-24612
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS...
CVE-2018-4302
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...
CVE-2021-30137
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...
CVE-2021-30137
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...