11 matches found
EUVD-2018-2901
Malware in sbrugna...
ModbusPal XML External Entity Injection Vulnerability
ModbusPal is a MODBUS simulator written in Java with a replicated MODBUS environment. An XML external entity injection vulnerability exists in ModbusPal version 1.6b. A remote attacker can exploit this vulnerability by sending a specially crafted .xmpp or .xmpa file to the user to obtain the...
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity XXE attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity XXE attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...
Xxe
ModbusPal 1.6b is vulnerable to an XML External Entity XXE attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) injection in XML-based project/automation files (.xmpp, .xmpa). The root cause is XXE processing allowing a remote attacker to exfiltrate local file contents when a crafted file is opened/imported. This is documented across multiple sou...
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity XXE attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...
ModbusPal 1.6b XML External Entity Injection
Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Tested on: Ubuntu 16.04 with Java 1.8.0151...
ModbusPal 1.6b - XML External Entity Injection Vulnerability
Exploit for java platform in category web applications + Exploit Title: ModbusPal XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Test...
ModbusPal 1.6b - XML External Entity Injection
ModbusPal 1.6b - XML External Entity Injection + Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version:...
ModbusPal 1.6b - XML External Entity Injection
Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Tested on: Ubuntu 16.04 with Java 1.8.0151...