10 matches found
EUVD-2015-8149
Malware in sbrugna...
The vulnerability of the OpenID authentication module of the Chamilo LMS system, related to the lack of verification of the validity of XML objects’ sequences, allows attackers to execute arbitrary SQL queries.
The vulnerability of the OpenID authentication module in the Chamilo LMS system relates to the lack of verification of the authenticity of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2025-1781
There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages...
The vulnerability of the automation_get_new_graphs_sql function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the automation_get_new_graphs_sql function in the Cacti network monitoring software is related to the lack of validation for XML object sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of Microsoft XML (MSXML) syntax analysis in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of Microsoft XML (MSXML) operating system-based systems lies in errors related to restricting XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially created web page from a remote location...
The vulnerability of the SAP NetWeaver software integration platform lies in errors in processing external XML objects during XML file analysis, which allows attackers to trigger service failures.
The vulnerability of the SAP NetWeaver software integration platform is related to errors in processing external XML objects during the analysis of XML files (XXE). Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially crafted request...
CVE-2015-8261
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request...
PT-2008-4870 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6 Description: The issue arises from improper error handling when using the componentFromPoint method on xml objects that have been incorrectly initialized or deleted, allowing remote attackers to execute...
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other...
ie50.xml.txt
Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this...