30 matches found
CVE-2019-2781
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: XML Interface. Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromi...
Buffer overflow
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: XML Interface. Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromi...
CVE-2019-2781
Oracle Hospitality Suite8’s XML Interface contains a network-exposed vulnerability affecting versions 8.9.6, 8.10.2, and 8.11–8.14. The issue allows a low-privilege, network-attached attacker to access sensitive data within Oracle Hospitality Suite8. CVSS 3.0 base score is 6.5 with high confident...
CA PPM XML External Entity Vulnerability (CNVD-2018-17420)
CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. An XML external entity injection vulnerability exists in the XOG functionality in CA PPM. A...
CVE-2018-3815
The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...
Design/Logic Flaw
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document...
UBUNTU-CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...
Digital Paradise Mobile Office Middleware Interface Arbitrary XML File Read Vulnerability
Digital Paradise's MKey3G mobile office middleware is an enterprise-oriented application BYOD middleware platform, which has been widely used in energy, finance, government and enterprises. There is an arbitrary XML file reading vulnerability in the interface of Digital Paradise's mobile office...
UBUNTU-CVE-2014-5177
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virDomainDefineXML, 2 virNetworkCreateXML, 3...
Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated)
Binary data 1775.prm...