2720 matches found
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
CVE-2023-26058
CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...
CVE-2023-26057
The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...
FreeBSD : py39-OWSLib -- arbitrary file read vulnerability (e5d117b3-2153-4129-81ed-42b0221afa78)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e5d117b3-2153-4129-81ed-42b0221afa78 advisory. - OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service...
Zoho ManageEngine Applications Manager 代码问题漏洞
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product features application performance management, fault management, report generation, and SLA management. A security vulnerability exists in Zoho...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation WebCTRL Improper Restriction of XML External Entity Reference (CVE-2018-8819)
An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
GHSA-VQ5H-QGXM-2M39 Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Crap Report file contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins...
GHSA-QGM7-M77F-J8PF Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control PerfPublisher report files to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets...
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control PerfPublisher report files to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets...
CVE-2023-28681
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28684
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28680
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28681
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28684
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...