Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

CVE-2022-2458

An XML external entity injectionXXE vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

CVE-2018-12243

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity XXE exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths ...

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...