CVE-2023-41203 D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

XML External Entity (XXE)

scrapy is vulnerable to XML External Entity XXE. The vulnerability is due to the lxml.etree.fromstring function which lacks input validation, enabling attackers to execute denial of service attacks, access local files, create network connections, or bypass firewalls through specially crafted XML...

UBUNTU-CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVE-2024-3572

CVE-2024-3572 – Summary The Scrapy project (scrapy/scrapy) is vulnerable to XML External Entity (XXE) attacks due to parsing untrusted XML with lxml.etree.fromstring without proper validation. The underlying issue lies in how XML is parsed, enabling a remote attacker to cause denial of service, a...

CVE-2024-3572 XML External Entity (XXE) Vulnerability in scrapy/scrapy

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVE-2023-6721

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVE-2023-6721

CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...

PT-2023-36081 · Repox · Repox

Name of the Vulnerable Software and Affected Versions: Repox affected versions not specified Description: A vulnerability has been found that allows a remote attacker to interfere with the application's XML data processing in the fileupload function. This results in interaction between the attack...

Siemens OPC UA Modeling Editor (SiOME) XML External Entity Injection Vulnerability

Siemens OPC UA Modeling Editor SiOME is a free tool to create OPC UA information models or map existing companion specifications. An XML external entity injection vulnerability exists in Siemens OPC UA Modeling Editor SiOME, which can be exploited by an attacker to interfere with the application'...

Xxe

A vulnerability has been identified in Siemens OPC UA Modelling Editor SiOME All versions V2.8. Affected products suffer from a XML external entity XXE injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary...

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

CVE-2022-32755

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505...

Woodstox Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

(0Day) D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

(0Day) D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

(0Day) D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

PT-2023-6107 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: The issue is related to a buffer overflow in the D-Link DAP-1325 wireless signal amplifier's firmware, allowing remote attackers to execute arbitrary code. This is due to the lack o...

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the setDhcpAssignRangeUpdate lan_ipaddr() function in the D-Link DAP-1325 wireless signal booster software allows a hacker to execute arbitrary code.

The vulnerability of the setDhcpAssignRangeUpdate lanipaddr function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory during the processing of XML data at the final stage. Exploiting this...

D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...