Lucene search
+L

4 matches found

NVD
NVD
added 2019/11/26 1:15 a.m.20 views

CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7.6AI score0.1591EPSS
Exploits0References5
OSV
OSV
added 2019/11/13 5:15 p.m.4 views

CVE-2019-16948

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network as opposed to what general web traffic would see...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/11 12:0 a.m.6 views

niushop_b2c Pay.php has xml entity injection vulnerability

Niushop open source mall National first commercial free four-in-one completely open source 100% open source The country's first set of B2B2C multi-user mall + micro letter micro-distribution + e-commerce platform investment operation + iOS, Android multi-platform client PHP open source e-commerce...

7.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2016/04/13 12:0 a.m.7 views

PT-2016-5380 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.5.1 Description: The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a USB device without both an interrupt-in and an...

10CVSS7.4AI score0.2593EPSS
Exploits100References741
Rows per page
Query Builder