EUVD-2019-8027
Malware in sbrugna...
EUVD-2018-3738
Malware in sbrugna...
EUVD-2017-16450
Malware in sbrugna...
CVE-2025-53689
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit versions prior to 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue...
PT-2025-29446 · Apache · Apache Jackrabbit
Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit versions prior to 2.23.2 Description: The software contains Blind XXE vulnerabilities in jackrabbit-spi-commons and jackrabbit-core due to the use of an unsecured document build to load privileges. Recommendations: Upgrade t...
NorthGrid Proself XXE (CVE-2023-45727)
The version of NorthGrid Proself installed on the remote host is Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, or Proself Mail Sanitize Edition Ver1.08 and earlier. These versions allow a remote unauthenticated attacker to conduct XML Extern...
CVE-2022-45397
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2019-18227
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data...
GHSA-XP8P-9RQ5-4WGV ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
The ZendXml\Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE)...
CVE-2022-21949 Multiple XXE vulnerabilities in OBS
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue...
XML External Entity (XXE)
How to disable XXE processing?
In my last post I talked about XXE vulnerabilities found in popular open-source projects and, more generally, how to assess this type of issue. Today, I'll talk about the different strategies to disable XXE processing. External (XXE) and internal entities are useful for building concise XML documents...
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today XML External Entity (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...
JVN#33453839: Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838 Resource exhaustion in the PDF convert...
[SECURITY] [DSA 4896-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4896-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 22, 2021 https://www.debian.org/security/faq -...
openSUSE: Security Advisory for rubygem-nokogiri (openSUSE-SU-2021:0237-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-nokogiri (important)
openSUSE Security Update: Security update for rubygem-nokogiri Announcement ID: openSUSE-SU-2021:0237-1 Rating: important References: 1146578 1156722 1180507 Cross-References: CVE-2019-5477 CVE-2020-26247 Affected Products: openSUSE Leap 15.2 An update that solves two vulnerabilities and has one...
CVE-2020-24052
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request...
XXExploiter - Tool To Help Exploit XXE Vulnerabilities
I wrote this tool to help me test XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may have not...