2725 matches found

RedhatCVE
added 2018/10/11 1:19 p.m. | 22 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

CVSS 9.8 | AI score 2.9 | EPSS 0.02172
Exploits: 0 | References: 2

exploitpack
added 2018/10/11 12:0 a.m. | 40 views

Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com...

CVSS 4.3 | AI score 6 | EPSS 0.23373
Exploits: 5

exploitpack
added 2018/10/11 12:0 a.m. | 57 views

Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software...

CVSS 4.3 | AI score 6 | EPSS 0.23373
Exploits: 5

0day.today
added 2018/10/11 12:0 a.m. | 59 views

Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server Management Studio 17.9 and...

AI score 5.8 | EPSS 0.23373
Exploits: 5

Exploit DB
added 2018/10/11 12:0 a.m. | 496 views

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview 4 CVE:...

CVSS 5.5 | AI score 5.4 | EPSS 0.23373
Exploits: 5

NVD
added 2018/10/10 8:29 p.m. | 31 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

CVSS 9.8 | AI score 9.4 | EPSS 0.02172
Exploits: 0 | References: 4

OSV
added 2018/10/10 1:29 p.m. | 0 views

CVE-2018-8494

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012,...

CVSS 8.8 | AI score 7.9 | EPSS 0.22187
Exploits: 0 | References: 3

CNVD
added 2018/10/10 12:0 a.m. | 2 views

Microsoft Windows MS XML Remote Code Execution Vulnerability

Microsoft Windows Server 2016 and so on are a series of operating systems released by Microsoft USA. XML Core Services MSXML parser is one of the XML parsers. A remote code execution vulnerability exists in Microsoft XML Core Services MSXML parser. A remote attacker can exploit this vulnerability ...

CVSS 9.3 | AI score 8.9 | EPSS 0.22187
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/10/10 12:0 a.m. | 30 views

Microsoft SQL Server Management Studio xmla File XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 2.6 | AI score 1.1 | EPSS 0.23373
Exploits: 5 | References: 1

Zero Day Initiative
added 2018/10/10 12:0 a.m. | 27 views

Microsoft SQL Server Management Studio xel File XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 2.6 | AI score 1.4 | EPSS 0.23373
Exploits: 5 | References: 1

Veracode
added 2018/10/02 3:9 a.m. | 14 views

XML External Entity (XXE)

dd-plist is vulnerable to XML external entity attacks. The doctype declaration and external entities settings in the XML parser are not disabled by default which would potentially allow attackers to retrieve confidential data or perform server side request forgery...

CVSS 7.8 | AI score 7.5 | EPSS 0.00543
Exploits: 0 | References: 6 | Affected Software: 1

Zero Day Initiative
added 2018/10/02 12:0 a.m. | 23 views

(0Day) Wecon PIStudio xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.1 | AI score 2.2 | EPSS 0.01248
Exploits: 0 | References: 1

Prion
added 2018/10/01 8:29 p.m. | 10 views

Design/Logic Flaw

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

CVSS 6.8 | AI score 7.8 | EPSS 0.01456
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2018/09/29 12:0 a.m. | 3 views

SAP Hybris Commerce Omni Commerce Connect API Server-Side Request Forgery Vulnerability

SAP Hybris Commerce is a SAP solution for handling high visitor and order volumes in e-commerce, and the Omni Commerce Connect API OCC is one of the full-service connectivity APIs. A server-side request forgery vulnerability exists in OCC in SAP Hybris Commerce version 6. The vulnerability stems...

CVSS 8.6 | AI score 8.7 | EPSS 0.01638
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/09/26 12:0 a.m. | 20 views

(0Day) Wecon LeviStudioU xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.1 | AI score 2.3 | EPSS 0.01059
Exploits: 0 | References: 1

NVD
added 2018/09/19 3:29 p.m. | 32 views

CVE-2018-12243

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity XXE exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths ...

CVSS 8.8 | AI score 9.1 | EPSS 0.00767
Exploits: 0 | References: 2

Prion
added 2018/09/19 3:29 p.m. | 24 views

Xxe

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity XXE exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths ...

CVSS 5.8 | AI score 8.6 | EPSS 0.00767
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/09/13 12:29 a.m. | 1 views

CVE-2018-8420

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

CVSS 8.8 | AI score 7.9 | EPSS 0.48901
Exploits: 1 | References: 3

OSV
added 2018/09/11 3:29 p.m. | 2 views

CVE-2018-2463

The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

CVSS 8.6 | AI score 5.8 | EPSS 0.01638
Exploits: 0 | References: 3

NVD
added 2018/09/11 3:29 p.m. | 17 views

CVE-2018-2463

The Omni Commerce Connect API OCC of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery SSRF attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

CVSS 8.6 | AI score 8.5 | EPSS 0.01638
Exploits: 0 | References: 3