xml injection vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-14485
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
Blogengine Blogengine.net 3.3
1 EDB exploit
7.5
CVSSv3
CVE-2018-8819
An XXE issue exists in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web serv...
Carrier Automatedlogic Webctrl 6.0
Carrier Automatedlogic Webctrl 6.1
Carrier Automatedlogic Webctrl 6.5
4.3
CVSSv3
CVE-2022-20938
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to view sensitive information. This vulnerability is due to insufficient validation of the XML syn...
Cisco Firepower Management Center 6.1.0.2
Cisco Firepower Management Center 6.2.0.2
Cisco Firepower Management Center 6.2.1
Cisco Firepower Management Center 6.1.0
Cisco Firepower Management Center 6.2.0
Cisco Firepower Management Center 6.1.0.3
Cisco Firepower Management Center 6.1.0.6
Cisco Firepower Management Center 6.2.2
Cisco Firepower Management Center 6.2.3
Cisco Firepower Management Center 6.2.0.5
Cisco Firepower Management Center 6.2.2.2
Cisco Firepower Management Center 6.1.0.7
Cisco Firepower Management Center 6.3.0
Cisco Firepower Management Center 6.2.2.1
Cisco Firepower Management Center 6.2.3.6
Cisco Firepower Management Center 6.4.0
Cisco Firepower Management Center 6.2.3.1
Cisco Firepower Management Center 6.2.3.2
Cisco Firepower Management Center 6.5.0
Cisco Firepower Management Center 6.2.3.10
Cisco Firepower Management Center 6.6.0.1
Cisco Firepower Management Center 6.6.0
9.8
CVSSv3
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus prior to 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
5 Github repositories
NA
CVE-2006-0272
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a bu...
Oracle Oracle10g Enterprise 10.1.0.4
Oracle Oracle10g Personal 10.1.0.4
Oracle Oracle10g Standard 10.1.0.4
Oracle Oracle9i Standard 9.2.0.7
8.8
CVSSv3
CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entrie...
Cisco Socialminer -
6.5
CVSSv3
CVE-2018-19371
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Sdl Web Content Manager 8.5.0
NA
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
5.5
CVSSv3
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
5.5
CVSSv3
CVE-2018-8532
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit