89 matches found
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...
CVE-2018-12463
An XML external entity XXE vulnerability in Fortify Software Security Center SSC, version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...
CVE-2018-12463
An XML external entity XXE vulnerability in Fortify Software Security Center SSC, version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...
Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer
Summary Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-1327 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted XML request using the XStream handler with the Struts REST plugin...
Directory traversal
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
CVE-2018-9117 affects WireMock before 2.16.0, where a remote unauthenticated attacker can access local files outside the application directory by sending a specially crafted XML request, i.e., a Directory Traversal. Root cause described as an XML-based traversal vulnerability; several connected s...
Cisco ASA - Crash (PoC)
Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...
Xxe
XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
CVE-2014-3005
XML external entity XXE vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
CVE-2014-3244
XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
CVE-2014-3244
XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery SSRF attacks, conduct internal port...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Service Detection with '<xml/>' Request
This plugin performs service detection. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108198";...
PYSEC-2017-25
XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...