
104 matches found

Cvelist
added 2020/03/10 7:16 p.m., 15 views

CVE-2019-19295

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00277
Exploits: 0 | References: 2
CVE
added 2020/03/10 7:16 p.m., 47 views

CVE-2019-19292

CVE-2019-19292 affects Siemens CCS (Control Center Server): SQL injection in the XML-based protocol on ports 5444/TCP and 5440/TCP affecting all CCS versions before v1.5.0. An authenticated remote attacker could read/modify the CCS database and potentially perform administrative database operatio...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00553
Exploits: 0 | References: 2 | Affected Software: 2
NVD
added 2019/12/12 7:15 p.m., 9 views

CVE-2019-18338

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with...

CVSS: 7.7 | AI score: 7.8 | EPSS: 0.00718
Exploits: 0 | References: 2
Prion
added 2019/12/12 7:15 p.m., 21 views

Directory traversal

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with...

CVSS: 4 | AI score: 8.1 | EPSS: 0.00718
Exploits: 0 | References: 2
Prion
added 2019/12/12 7:15 p.m., 13 views

Authentication flaw

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...

CVSS: 5 | AI score: 9.1 | EPSS: 0.00074
Exploits: 0 | References: 2
Vulnrichment
added 2019/12/12 7:8 p.m., 5 views

CVE-2019-18338

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with...

CVSS: 7.7 | AI score: 6.5 | EPSS: 0.00718
Exploits: 0 | References: 2
Cvelist
added 2019/12/12 7:8 p.m., 15 views

CVE-2019-18337

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00074
Exploits: 0 | References: 2
CVE
added 2019/12/12 7:8 p.m., 61 views

CVE-2019-18338

CVE-2019-18338 describes a directory traversal vulnerability in Siemens/SiNVR CCS, affecting all versions before v1.5.0. The flaw exists in the XML-based communication protocol exposed by default on ports 5444/tcp and 5440/tcp, allowing an authenticated remote attacker with network access to list...

CVSS: 7.7 | AI score: 7 | EPSS: 0.00718
Exploits: 0 | References: 2 | Affected Software: 2
Github Security Blog
added 2018/10/18 4:56 p.m., 28 views

High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.50435
Exploits: 0 | References: 12 | Affected Software: 5
Prion
added 2018/07/05 1:29 p.m., 11 views

Design/Logic Flaw

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVSS: 5 | AI score: 7.5 | EPSS: 0.50435
Exploits: 0 | References: 10 | Affected Software: 1
NVD
added 2018/07/05 1:29 p.m., 11 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.50435
Exploits: 0 | References: 10
OSV
added 2018/07/05 1:29 p.m., 11 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

CVSS: 7.5 | AI score: 7 | EPSS: 0.50435
Exploits: 0 | References: 10
Cvelist
added 2018/07/05 1:0 p.m., 15 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

AI score: 7.5 | EPSS: 0.50435
Exploits: 0 | References: 10
NVD
added 2018/05/11 9:29 p.m., 9 views

CVE-2018-10832

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.01747
Exploits: 5 | References: 2
Prion
added 2018/05/11 9:29 p.m., 15 views

XXE

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will retu...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01747
Exploits: 5 | References: 2 | Affected Software: 1
0day.today
added 2018/05/10 12:0 a.m., 47 views

ModbusPal 1.6b - XML External Entity Injection Vulnerability

Exploit for java platform in category web applications + Exploit Title: ModbusPal XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Test...

AI score: 5.6 | EPSS: 0.01747
Exploits: 5
Exploit DB
added 2018/05/10 12:0 a.m., 48 views

ModbusPal 1.6b - XML External Entity Injection

Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Tested on: Ubuntu 16.04 with Java 1.8.0151...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.01747
Exploits: 5
RedHat Linux
added 2018/04/25 7:43 p.m., 0 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02038
Exploits: 0 | References: 4
0day.today
added 2018/04/05 12:0 a.m., 39 views

GetSimple CMS 3.3.13 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected...

AI score: 6.3 | EPSS: 0.005
Exploits: 5
exploitpack
added 2018/04/05 12:0 a.m., 23 views

GetSimple CMS 3.3.13 - Cross-Site Scripting

GetSimple CMS 3.3.13 - Cross-Site Scripting Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link:...

CVSS: 4.3 | EPSS: 0.005
Exploits: 5