553 matches found
CVE-2024-45048
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection (XXE) attack when processing XML data (CVE-2024-22354).
Summary A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection XXE attack when processing XML data. WebSphere Application Server is used as the application server layer for IBM Robotic Process Automation...
Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack...
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack...
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack...
PT-2024-10160 · Http4K · Http4K
Name of the Vulnerable Software and Affected Versions: http4k versions prior to 5.41.0.0 Description: The issue is related to an XXE XML External Entity Injection vulnerability when http4k handles malicious XML contents within requests. This could allow attackers to read local sensitive informati...
North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity XXE reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack...
XML External Entity (XXE) Injection
Overview simplesamlphp/simplesamlphp is a PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0. Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the...
XXE in PHPSpreadsheet's XLSX reader
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...
CVE-2024-48917
CVE-2024-48917 (PhpSpreadsheet XXE bypass) : The XmlScanner in PhpSpreadsheet can be bypassed via the encoding detection logic (findCharSet) when processing XML with UTF-7 payloads, allowing an XML External Entity attack. A comment injection at the end of the file encoding tag (e.g., encoding="UT...
CVE-2024-47873
PhpSpreadsheet's XML scanner contains a bypass that can enable XML External Entity (XXE) attacks. The findCharSet/scan logic can be bypassed by encoding tricks (e.g., UCS-4, UTF-7) and encoding guessing, allowing sanitizers to be circumvented. Affected versions are prior to 1.9.4, 2.1.3, 2.3.2, a...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
Summary IBM Engineering Lifecycle Optimization - Engineering Insights ENI is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. In XML parsers, when XML...
CVE-2024-8602
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE XML External Entity attack. Further information on this can be found on the website of the Open Worldwide Application Security Project OWASP. An attacker...
CVE-2024-8602 XML Eternal Entity Attack in the Software Library taxstatement.jar
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE XML External Entity attack. Further information on this can be found on the website of the Open Worldwide Application Security Project OWASP. An attacker...
CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 is vulnerable to an XXE-style flaw: an authenticated attacker can upload an XML DTD file and execute JavaScript to read local files or access URLs. The root cause is an XML DTD handling/upload feature that allows external entity resolution. Impact is ...
CVE-2023-37233
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks...
XXE in PHPSpreadsheet encoding is returned
Summary Bypassing the filter allows a XXE-attack. Which is turn allows attacker to obtain contents of local files, even if error reporting muted by @ symbol. LFI-attack Details Check $pattern = '/encoding=".?"/'; easy to bypass. Just use a single quote symbol '. So payload looks like this:...