7 matches found
EUVD-2019-6593
Malware in sbrugna...
Drupal 7.15 XML Injection
Drupal version 7.15 proof of concept XML external entity injection exploit that leverages a vulnerability originally discovered in 2012. Title : Drupal...
CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop...
PT-2022-26535 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to read arbitrary files from the server due to the application being vulnerable to XXE. Recommendations: For CandidATS version 3.0.0, consider restricting access to...
Exploit for CVE-2019-2888
CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE vulnerability !./info.p...
Top 5 my own security audit fails
I have been in application security since 2009. Since that time I was involved in more than 300 different projects and sometimes even discovered new things like SSRF or the first XXE OOB FTP exploitation. Today I’d like to talk about my fails during my 300+ projects to ensure you don’t repeat my...
Exploiting XXE In File Upload Functionality
Just wanted to post some details from my BH USA 2015 briefing "Exploiting XXE In File Upload Functionality". The YouTube video is up: I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types; PDF, JPG, and GIF. The link is here:...