Lucene search
20 matches found

OSV
added 2024/03/06 10:52 a.m. | 21 views

BIT-GRADLE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 | AI score 5.9 | EPSS 0.00669
Exploits: 0 | References: 5

RedhatCVE
added 2023/10/09 6:54 p.m. | 34 views

CVE-2023-42445

A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it...

CVSS 5.3 | AI score 6.2 | EPSS 0.00669
Exploits: 0 | References: 4

AlpineLinux
added 2023/10/06 2:15 p.m. | 32 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 | AI score 6.9 | EPSS 0.00669
Exploits: 0

Cvelist
added 2023/10/06 1:52 p.m. | 24 views

CVE-2023-42445 Possible local file exfiltration by XML External entity injection

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 | AI score 6.8 | EPSS 0.00669
Exploits: 0 | References: 4

CVE
added 2023/10/06 1:52 p.m. | 169 views

CVE-2023-42445

CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...

CVSS 6.8 | AI score 6 | EPSS 0.00669
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2023/10/06 1:52 p.m. | 22 views

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 6.8 | AI score 6.2 | EPSS 0.00669
Exploits: 0

0day.today
added 2023/04/02 12:0 a.m. | 191 views

Prizm Content Connect v10.5.1030.8315 - XXE Vulnerability

Exploit Title: Prizm Content Connect v10.5.1030.8315 - XXE Exploit Author: @xhzeem Vendor Homepage: https://help.accusoft.com/PCC/v9.0/HTML/About%20Prizm%20Content%20Connect.html Version: v10.5.1030.8315 The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE Proof Of Concept:...

AI score 6.8
Exploits: 0

NVD
added 2022/08/15 8:15 p.m. | 13 views

CVE-2020-21641

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

CVSS 7.5 | EPSS 0.04305
Exploits: 0 | References: 1

Prion
added 2022/08/15 8:15 p.m. | 32 views

Xxe

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

CVSS 5 | AI score 7.5 | EPSS 0.04305
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/08/15 7:10 p.m. | 67 views

CVE-2020-21641

Summary: CVE-2020-21641 affects Zoho ManageEngine Analytics Plus prior to 4.3.5. The issue is an Out-of-Band XML External Entity (OOB-XXE) in the handling of a crafted XML license file used by the product. What is affected: ManageEngine Analytics Plus (versions before 4.3.5). The vulnerability so...

CVSS 7.5 | AI score 7.4 | EPSS 0.04305
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/15 7:10 p.m. | 15 views

CVE-2020-21641

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

AI score 7.5 | EPSS 0.04305
Exploits: 0 | References: 1

Hacker One
added 2019/09/07 9:32 p.m. | 72 views

Mail.ru: OOB XXE

Limited XXE on XML request processing led to blind SSRF possibility OOB XXE on one of Ext. B Mail.ru domains, which could be exploited as blind SSRF...

AI score 1.7
Exploits: 0

Zero Science Lab
added 2018/09/05 12:0 a.m. | 646 views

NovaRad NovaPACS Diagnostics Viewer v8.5 OOB XXE File Disclosure

Summary NovaPACS revolutionary workflow infrastructure has been designed and developed using the expertise of radiology directors, technicians, PACS administrators for over 20 years. This wealth of imaging experience has led to over 850 installations in more than 15 countries as well as key...

CVSS 9.8 | AI score 5.8 | EPSS 0.00371
Exploits: 1

exploitpack
added 2018/07/16 12:0 a.m. | 48 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...

CVSS 7.5 | AI score 0.1 | EPSS 0.13849
Exploits: 4

Exploit DB
added 2018/07/16 12:0 a.m. | 76 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...

CVSS 9.8 | AI score 8.7 | EPSS 0.13849
Exploits: 4

exploitpack
added 2018/06/04 12:0 a.m. | 21 views

SearchBlox 8.6.7 - XML External Entity Injection

SearchBlox 8.6.7 - XML External Entity Injection Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity (OOB-XXE) Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 ...

CVSS 7.5 | AI score 9.9 | EPSS 0.1517
Exploits: 5

0day.today
added 2018/06/04 12:0 a.m. | 81 views

SearchBlox 8.6.7 - XML External Entity Injection Vulnerability

Exploit for java platform in category web applications Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity (OOB-XXE) Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE:...

EPSS 0.1517
Exploits: 5

Packet Storm
added 2018/06/04 12:0 a.m. | 55 views

SearchBlox 8.6.7 XML External Entity Injection

Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity (OOB-XXE) Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 1. DETAILS An XML External Entity attack is a typ...

AI score 9.7 | EPSS 0.1517
Exploits: 5

Exploit DB
added 2018/06/04 12:0 a.m. | 41 views

SearchBlox 8.6.7 - XML External Entity Injection

Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity (OOB-XXE) Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 1. DETAILS An XML External Entity attack is a typ...

CVSS 9.8 | AI score 9.7 | EPSS 0.1517
Exploits: 5

Hacker One
added 2017/10/11 6:14 a.m. | 11 views

Mail.ru: Blind XXE on my.mail.ru

Blind XXE in my.mail.ru Moi Mir avatar upload feature. Moi Mir is not covered by regular Bug Bounty program, a bounty was awarded as a bonus due to high potential impact. Blind OOB XXE issue was found in upload avatar feature...

AI score 6.9
Exploits: 0