17 matches found
CVE-2024-51136
An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...
CVE-2024-22219
XML External Entity XXE vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution RCE, or...
CVE-2022-45397
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Server side request forgery (ssrf)
An XML external entity XXE vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2...
RHEL 8 : postgresql-jdbc (RHSA-2020:3283)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3283 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
Xxe
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.75020200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReporterImportLicense class. Due to the improper restriction of...
exist-db:exist-core XML External Entity (XXE) vulnerability
exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000829
Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...
Xxe
KeePassDX version = 2.5.0.0beta17 contains a XML External Entity XXE vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000840
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity XXE vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...
CVE-2018-1000548
Umlet version 14.3 contains a XML External Entity XXE vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixe...
Xxe
LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity XXE vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be...
CVE-2016-0219
XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...
CVE-2017-14101
A security researcher found an XML External Entity XXE vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...
Developers Targeted in ‘ParseDroid’ PoC Attack
Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...
Xxe
XML External Entity XXE vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference...
CVE-2014-5398 Schneider Electric Wonderware Input Validation
Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...