Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51602
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required t...
NA
CVE-2023-51604
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required t...
NA
CVE-2023-51605
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required t...
9.6
CVSSv3
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote malicious users to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka ...
Sap Business One 1.2.3
1 EDB exploit
3.3
CVSSv3
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Fspro Event Log Explorer 4.6.1.2115
1 EDB exploit
5.5
CVSSv3
CVE-2022-0221
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a re...
Schneider-electric Scadapack Workbench
NA
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and previous versions allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an ...
Openbravo Openbravo Erp 2.50
Openbravo Openbravo Erp
Openbravo Openbravo Erp 2.40
1 EDB exploit
6.5
CVSSv3
CVE-2021-43576
Jenkins pom2config Plugin 1.2 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction o...
Jenkins Pom2config
NA
CVE-2015-1833
XML external entity (XXE) vulnerability in Apache Jackrabbit prior to 2.0.6, 2.2.x prior to 2.2.14, 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.1, and 2.10.x prior to 2.10.1 allows remote malicious users to read arbitrary files and send requests to intranet ser...
Apache Jackrabbit 2.2.13
Apache Jackrabbit 2.2.10
Apache Jackrabbit 2.4.3
Apache Jackrabbit 2.2.9
Apache Jackrabbit
Apache Jackrabbit 2.6.5
Apache Jackrabbit 2.2.5
Apache Jackrabbit 2.2.8
Apache Jackrabbit 2.4.1
Apache Jackrabbit 2.8.0
Apache Jackrabbit 2.6.2
Apache Jackrabbit 2.2.0
Apache Jackrabbit 2.6.0
Apache Jackrabbit 2.6.3
Apache Jackrabbit 2.4.0
Apache Jackrabbit 2.4.2
Apache Jackrabbit 2.2.11
Apache Jackrabbit 2.4.4
Apache Jackrabbit 2.2.4
Apache Jackrabbit 2.2.2
Apache Jackrabbit 2.2.1
Apache Jackrabbit 2.2.12
1 EDB exploit
4 Github repositories
5.5
CVSSv3
CVE-2022-45121
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »