Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-10175
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
Digitalguardian Management Console 7.1.2.0015
9
CVSSv2
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote malicious users to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Sap Netweaver 7.4
1 Github repository
NA
CVE-2016-401410
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA versi...
5
CVSSv2
CVE-2018-2393
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Sap Internet Graphics Server 7.20
Sap Internet Graphics Server 7.20ext
Sap Internet Graphics Server 7.45
Sap Internet Graphics Server 7.49
Sap Internet Graphics Server 7.53
1 Metasploit module
1 Github repository
5
CVSSv2
CVE-2018-2392
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Sap Internet Graphics Server 7.20
Sap Internet Graphics Server 7.20ext
Sap Internet Graphics Server 7.45
Sap Internet Graphics Server 7.49
Sap Internet Graphics Server 7.53
1 Metasploit module
1 Github repository
4
CVSSv2
CVE-2015-7743
XML external entity vulnerability in PRTG Network Monitor prior to 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
Paessler Prtg Network Monitor
4
CVSSv2
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A...
Apache Nifi
5
CVSSv2
CVE-2017-17762
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and previous versions allows remote malicious users to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
Episerver Episerver 7
Episerver Episerver
7.5
CVSSv2
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories
4
CVSSv2
CVE-2021-44145
In the TransformXML processor of Apache NiFi prior to 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Apache Nifi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »