Lucene search
K

89 matches found

Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.77 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...

9.8CVSS8.7AI score0.13849EPSS
Exploits4
NVD
NVD
added 2018/07/12 4:29 p.m.27 views

CVE-2018-12463

An XML external entity XXE vulnerability in Fortify Software Security Center SSC, version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

9.8CVSS7.6AI score0.13849EPSS
Exploits4References3
OSV
OSV
added 2018/07/12 4:29 p.m.5 views

CVE-2018-12463

An XML external entity XXE vulnerability in Fortify Software Security Center SSC, version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

9.8CVSS5.9AI score0.13849EPSS
Exploits4References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.25 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

Summary Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-1327 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted XML request using the XStream handler with the Struts REST plugin...

7.5CVSS0.5AI score0.09224EPSS
Exploits1Affected Software1
Prion
Prion
added 2018/03/29 7:29 a.m.15 views

Directory traversal

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...

5CVSS5.3AI score0.02658EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/29 7:29 a.m.16 views

CVE-2018-9117

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...

5.3CVSS5.3AI score0.02658EPSS
Exploits0References1
OSV
OSV
added 2018/03/29 7:29 a.m.10 views

CVE-2018-9117

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...

5.3CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2018/03/29 7:0 a.m.14 views

CVE-2018-9117

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...

5.3AI score0.02658EPSS
Exploits0References1
CVE
CVE
added 2018/03/29 7:0 a.m.46 views

CVE-2018-9117

CVE-2018-9117 affects WireMock before 2.16.0, where a remote unauthenticated attacker can access local files outside the application directory by sending a specially crafted XML request, i.e., a Directory Traversal. Root cause described as an XML-based traversal vulnerability; several connected s...

5.3CVSS5.2AI score0.02658EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2018/02/07 12:0 a.m.120 views

Cisco ASA - Crash (PoC)

Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...

10CVSS9.5AI score0.87397EPSS
Exploits7
Prion
Prion
added 2018/02/01 5:29 p.m.23 views

Xxe

XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

7.5CVSS8AI score0.05138EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/01 5:29 p.m.40 views

CVE-2014-3005

XML external entity XXE vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

9.8CVSS7.4AI score0.05303EPSS
Exploits1References3
NVD
NVD
added 2018/02/01 5:29 p.m.16 views

CVE-2014-3244

XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

9.8CVSS9.5AI score0.05138EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/02/01 5:0 p.m.20 views

CVE-2014-3244

XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

9.6AI score0.05138EPSS
Exploits1References3
Prion
Prion
added 2017/10/10 1:29 p.m.10 views

Server side request forgery (ssrf)

XML external entity XXE vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery SSRF attacks, conduct internal port...

6.5CVSS9.3AI score0.01987EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2017/07/25 6:29 p.m.32 views

CVE-2017-11457

XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

6.5CVSS6.3AI score0.01373EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/07/25 6:0 p.m.42 views

CVE-2017-11457

XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

6.3AI score0.01373EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/07/20 12:0 a.m.14 views

Service Detection with '<xml/>' Request

This plugin performs service detection. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108198";...

7AI score
Exploits0
PyPA
PyPA
added 2017/03/24 2:59 p.m.5 views

PYSEC-2017-25

XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

7.5CVSS7AI score0.0386EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2017/03/24 2:0 p.m.22 views

CVE-2016-10149

XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

7.5CVSS7.5AI score0.0386EPSS
Exploits0
Rows per page
Query Builder