Lucene search

22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2011

Malware in sbrugna...

9.1 CVSS · 9 AI score · 0.02664 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-0296

Malicious code in bioql PyPI...

8.3 CVSS · 7.6 AI score · 0.00603 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-7279 · Ibm · Ibm Cognos Controller +1

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue concerns an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to expose...

8.5 CVSS · 6.8 AI score · 0.00477 EPSS
Exploits 0 · References 6
NVD
added 2023/12/13 10:15 a.m. · 9 views

CVE-2023-6721

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

8.3 CVSS · 0.00603 EPSS
Exploits 0 · References 1
CVE
added 2023/12/13 10:6 a.m. · 37 views

CVE-2023-6721

CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...

8.3 CVSS · 7.6 AI score · 0.00603 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/12/13 12:0 a.m. · 7 views

PT-2023-36081 · Repox · Repox

Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: A vulnerability has been found that allows a remote attacker to interfere with the application's XML data processing in the fileupload function. This results in interaction between the attack...

7.5 CVSS · 6.9 AI score
Exploits 0 · References 2
Prion
added 2023/11/14 11:15 a.m. · 8 views

Xxe

A vulnerability has been identified in Siemens OPC UA Modelling Editor SiOME All versions V2.8. Affected products suffer from a XML external entity XXE injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary...

5 CVSS · 7.1 AI score · 0.00652 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2023/09/28 12:0 a.m. · 3 views

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows an intruder to execute arbitrary code.

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...

8.8 CVSS · 8.4 AI score · 0.00855 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2023/09/13 12:0 a.m. · 3 views

The vulnerability of the setDhcpAssignRangeUpdate lan_ipaddr() function in the D-Link DAP-1325 wireless signal booster software allows a hacker to execute arbitrary code.

The vulnerability of the setDhcpAssignRangeUpdate lanipaddr function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory during the processing of XML data at the final stage. Exploiting this...

8.8 CVSS · 8.4 AI score · 0.00855 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2023/04/26 8:15 p.m. · 21 views

CVE-2023-28008

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

8.1 CVSS · 7.4 AI score · 0.00821 EPSS
Exploits 0 · References 1
RedhatCVE
added 2022/07/18 8:43 a.m. · 41 views

CVE-2022-2458

An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

8.2 CVSS · 2.8 AI score · 0.00669 EPSS
Exploits 0 · References 3
Cvelist
added 2021/09/11 11:5 a.m. · 15 views

CVE-2021-38555 An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

9.4 AI score · 0.02664 EPSS
Exploits 0 · References 1
OSV
added 2019/11/06 1:15 a.m. · 14 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 1
Prion
added 2019/11/06 1:15 a.m. · 17 views

Design/Logic Flaw

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

7.5 CVSS · 9.4 AI score · 0.01285 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2018/12/13 4:29 p.m. · 14 views

Xxe

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170...

6.4 CVSS · 8.8 AI score · 0.15801 EPSS
Exploits 5 · References 4 · Affected Software 1
IBM Security Bulletins
added 2018/06/16 10:4 p.m. · 32 views

Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)

Summary Open Source Apache Poi Vulnerability Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...

7.1 CVSS · 0.8 AI score · 0.04616 EPSS
Exploits 0 · Affected Software 1
RedHat Linux
added 2016/11/15 11:40 a.m. · 2 views

php: Use after free in WDDX Deserialize when processing XML data

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data...

9.8 CVSS · 7.4 AI score · 0.35438 EPSS
Exploits 0 · References 4
Fedora
added 2015/03/30 7:9 a.m. · 33 views

[SECURITY] Fedora 21 Update: mingw-xerces-c-3.1.1-11.fc21

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

5 CVSS · 2.8 AI score · 0.39916 EPSS
Exploits 4
OpenVAS
added 2013/09/11 12:0 a.m. · 31 views

Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)

This host is missing an important security update according to Microsoft Bulletin MS13-073. OpenVAS Vulnerability Test $Id: secpodmsexcelviewerms13-073.nasl 6115 2017-05-12 09:03:25Z teissa $ Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities 2858300 Authors: Antu Sanadi Copyrigh...

9.3 CVSS · 1 AI score · 0.37153 EPSS
Exploits 2 · References 3
Prion
added 2008/07/09 11:41 p.m. · 20 views

Code injection

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...

8.3 CVSS · 6.4 AI score · 0.04042 EPSS
Exploits 0 · References 35 · Affected Software 2