Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

CVE-2022-2458

An XML external entity injectionXXE vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

CVE-2018-12243

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity XXE exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths ...

CVE-2018-12243

Symantec Messaging Gateway (SMG) versions prior to 10.6.6 are vulnerable to an XML external entity (XXE) flaw (CVE-2018-12243). The issue arises from a weakly configured XML parser that can process XML input containing external entity references, enabling access to files via file:// URIs or relat...

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

SearchBlox 8.6.7 XML External Entity Injection

Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity OOB-XXE Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 1. DETAILS An XML External Entity attack is a typ...