
89 matches found

Cvelist
added 2017/03/03 3:0 p.m. | 27 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

8.8 AI score | 0.02133 EPSS
Exploits 0 | References 6
Debian CVE
added 2017/03/03 3:0 p.m. | 22 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

9 CVSS | 8.9 AI score | 0.02133 EPSS
Exploits 0
0day.today
added 2016/06/21 12:0 a.m. | 70 views

SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP...

7.5 CVSS | 0.1 AI score | 0.15058 EPSS
Exploits 5
NVD
added 2016/04/14 2:59 p.m. | 22 views

CVE-2016-4014

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...

9 CVSS | 8.1 AI score | 0.05264 EPSS
Exploits 2 | References 4
Prion
added 2016/04/14 2:59 p.m. | 23 views

Xxe

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...

9 CVSS | 7 AI score | 0.05264 EPSS
Exploits 2 | References 4 | Affected Software 1
NVD
added 2016/04/07 7:59 p.m. | 30 views

CVE-2016-3974

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...

9.1 CVSS | 9 AI score | 0.15058 EPSS
Exploits 5 | References 5
Prion
added 2015/10/21 11:59 p.m. | 25 views

Xxe

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the...

6.8 CVSS | 6.3 AI score | 0.03088 EPSS
Exploits 0 | References 7 | Affected Software 1
NVD
added 2015/06/24 2:59 p.m. | 16 views

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...

7.5 CVSS | 7 AI score | 0.02885 EPSS
Exploits 1 | References 5
Cvelist
added 2015/06/24 2:0 p.m. | 22 views

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...

7 AI score | 0.02885 EPSS
Exploits 1 | References 5
Cvelist
added 2015/05/26 2:0 p.m. | 27 views

CVE-2015-4091

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwdmain/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851...

7.5 AI score | 0.02934 EPSS
Exploits 0 | References 5
NVD
added 2015/03/21 1:59 a.m. | 19 views

CVE-2015-0670

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...

6.4 CVSS | 6.6 AI score | 0.0175 EPSS
Exploits 0 | References 2
Prion
added 2015/03/21 1:59 a.m. | 12 views

Default configuration

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...

6.4 CVSS | 7.2 AI score | 0.0175 EPSS
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2015/03/21 1:0 a.m. | 22 views

CVE-2015-0670

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...

6.6 AI score | 0.0175 EPSS
Exploits 0 | References 2
Cisco
added 2015/03/19 9:4 p.m. | 21 views

Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability

A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone. The vulnerability is due to improper authentication settings in the default configuration. An attacker could...

6.4 CVSS | 6.6 AI score | 0.0175 EPSS
Exploits 0 | References 1
NVD
added 2015/01/22 4:59 p.m. | 24 views

CVE-2015-1309

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...

5 CVSS | 6.7 AI score | 0.02228 EPSS
Exploits 0 | References 3
Prion
added 2015/01/22 4:59 p.m. | 19 views

Xxe

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...

5 CVSS | 7.2 AI score | 0.02228 EPSS
Exploits 0 | References 3 | Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Microsoft ASP.NET 1.0/1.1 RPC/Encoded Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14217/info ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. This issue presents itself...

7.1 AI score
Exploits 0
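seebug.org
added 2014/04/16 12:0 a.m. | 19 views

Amtelco miSecureMessages Unauthorized Access Vulnerability

Bugtraq ID: 66795 CVE ID: CVE-2014-0357 Amtelco miSecureMessages is an application for encrypting messages on multiple mobile devices. Amtelco miSecureMessages lacks proper validation of access to user messages; an attacker who supplies a contactID and a valid license key in an XML request can access any user's messages. 0 Amtelco miSecureMessages No detailed solution is currently available: https://misecuremessages.com/...

5 CVSS | 6.6 AI score | 0.01848 EPSS
Exploits 2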
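seebug.org
added 2014/04/16 12:0 a.m. | 29 views

Amtelco miSecureMessages Unauthorized Access Vulnerability

Bugtraq ID: 66795 CVE ID: CVE-2014-0357 Amtelco miSecureMessages is an application for encrypting messages on multiple mobile devices. Amtelco miSecureMessages lacks proper validation of access to user messages; an attacker who supplies a contactID and a valid license key in an XML request can access any user's messages. 0 Amtelco miSecureMessages No detailed solution is currently available: https://misecuremessages.com/...

5 CVSS | 6.6 AI score | 0.01848 EPSS
Exploits 2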
NVD
added 2014/04/15 10:55 a.m. | 15 views

CVE-2014-0357

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...

5 CVSS | 6.4 AI score | 0.01848 EPSS
Exploits 2 | References 3