7 matches found
CVE-2021-20839
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition to the other servers by processing a specially crafted XML document...
CVE-2020-26705
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity XXE vulnerability which allows for an attacker to expose sensitive data or perform a denial of service DOS via a crafted external entity entered into the XML content as input...
CVE-2018-20157
The data import functionality in OpenRefine through 3.1 allows an XML External Entity XXE attack through a crafted zip file, allowing attackers to read arbitrary files...
CVE-2017-12623
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity XXE attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the...
Xxe
PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
CVE-2012-5657
The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...
RHEL 5 : openoffice.org (RHSA-2012:0411)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0411 advisory. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation...