Lucene search
+L

7706 matches found

Cvelist
Cvelist
added 2013/08/09 11:0 p.m.23 views

CVE-2013-2796

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...

6.9AI score0.00732EPSS
Exploits0References2
CVE
CVE
added 2013/08/09 11:0 p.m.67 views

CVE-2013-2796

This entry (CVE-2013-2796) describes an XML External Entity (XXE) vulnerability in Schneider Electric products: Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier. The underlying issue is improper restriction of XML entities, allowing a remote attac...

6.9CVSS7.1AI score0.00732EPSS
Exploits0References2Affected Software3
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.43 views

Sybase EAServer <= 6.3.1 Multiple Security Vulnerabilities - Active Check

Sybase EAServer is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2013/08/01 12:0 a.m.29 views

Ubuntu Update for libxml2 USN-1904-2

Check for the Version of libxml2 OpenVAS Vulnerability Test $Id: gbubuntuUSN19042.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for libxml2 USN-1904-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

6.8CVSS8.4AI score0.04733EPSS
Exploits1References2
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.181 views

SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server

SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2013/07/09 12:0 a.m.70 views

Atlassian Crowd XXE Vulnerability (CWD-3366) - Active Check

Atlassian Crowd is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.8CVSS9.3AI score0.01758EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/07/09 12:0 a.m.21 views

Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially...

6.5CVSS7AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2013/07/09 12:0 a.m.83 views

Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability

This host is running Atlassian Crowd and is prone to xml external entity injection vulnerability. OpenVAS Vulnerability Test $Id: gbatlassiancrowdxxeinjvuln.nasl 5842 2017-04-03 13:15:19Z cfi $ Atlassian Crowd Xml eXternal Entity XXE Injection Vulnerability Authors: Thanga Prakash S Copyright:...

5.8CVSS0.2AI score0.01758EPSS
Exploits1References2
OSV
OSV
added 2013/07/08 8:55 p.m.8 views

CVE-2013-2202

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.5AI score
Exploits0References4
Ubuntu
Ubuntu
added 2013/07/08 12:50 p.m.48 views

USN-1901-1: Raptor vulnerability

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially...

6.5CVSS6.9AI score0.13682EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/07/03 12:0 a.m.26 views

Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure

The version of Atlassian Crowd installed on the remote host is affected by an XML External Entity XXE vulnerability. This vulnerability could allow a remote, unauthenticated attacker to retrieve arbitrary files from the remote host by sending a specially crafted HTTP request with a Document Type...

5.8CVSS5.9AI score0.01758EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/07/02 12:0 a.m.169 views

ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure

According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus...

7.5CVSS5.8AI score0.04208EPSS
Exploits1References4
NVD
NVD
added 2013/07/01 9:55 p.m.44 views

CVE-2013-3925

Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...

5.8CVSS6.6AI score0.01758EPSS
Exploits1References2
Prion
Prion
added 2013/07/01 9:55 p.m.22 views

Xxe

Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...

5.8CVSS7.2AI score0.01758EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2013/07/01 9:0 p.m.43 views

CVE-2013-3925

Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...

9AI score0.01758EPSS
Exploits1References2
CVE
CVE
added 2013/07/01 9:0 p.m.68 views

CVE-2013-3925

CVE-2013-3925 affects Atlassian Crowd prior to version 2.5.4, 2.6.x prior to 2.6.3, as well as 2.3.8 and 2.4.9. The flaw is an XML External Entity (XXE) vulnerability that enables remote attackers to read arbitrary files and cause requests to intranet servers by crafting a request to /services/2 ...

5.8CVSS8.9AI score0.01758EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2013/07/01 12:0 a.m.6 views

PT-2013-4747 · Atlassian · Crowd

Name of the Vulnerable Software and Affected Versions: Atlassian Crowd versions 2.3.8 Atlassian Crowd versions 2.4.9 Atlassian Crowd versions 2.5.x through 2.5.3 Atlassian Crowd versions 2.6.x through 2.6.2 Description: The issue allows remote attackers to read arbitrary files and send HTTP...

5.8CVSS6.5AI score0.01758EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2013/05/29 12:0 a.m.9 views

PT-2013-59: XML External Entities Injection in Huawei M2000

The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Huawei M2000. An XML document may contain a Document Type Definition that, among other features, allows the definition of external entities. A malicious user may perform attacks aimed...

5.8CVSS7.7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/05/25 12:0 a.m.35 views

WordPress < 3.5.2 Multiple Vulnerabilities

Binary data 6883.prm...

4.3CVSS6.7AI score0.03373EPSS
Exploits3References11
Metasploit
Metasploit
added 2013/05/15 1:52 a.m.50 views

SAP SMB Relay Abuse

This module exploits provides several SMB Relay abuse through different SAP services and functions. The attack is done through specially crafted requests including a UNC Path which will be accessing by the SAP system while trying to process the request. In order to get the hashes the...

0.2AI score
Exploits0
Rows per page
Query Builder