6 matches found
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Vulnerability
Exploit for jsp platform in category web applications Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External...
CVE-2018-13416
In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...