CVE-2023-51602

CVE-2023-51602 pertains to Honeywell Saia PG5 Controls Suite and describes an XML External Entity (XXE) processing vulnerability in the XML parser. The flaw allows a remote attacker to disclose sensitive information by supplying a crafted XML document that references an external URI, which the pa...

CVE-2023-40507 LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

(0Day) Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML...

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

VBASE VISAM Automation Base DBConnections File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...

Arcserve D2D getNews XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity XXE...

Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XMLA-FILETYPE-XML-INJECTION-CVE-2018-8532.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product SQL Server...

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL...

Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection

Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com...

GE MDS PulseNET XmlAdapterServlet XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XmlAdapterServlet servlet. Due to the improper restriction of XML External...

GE MDS PulseNET IntegrationXMLProcessorServlet AlarmActions XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the AlarmActions method of the IntegrationXMLProcessorServle...