Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-44412
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerabili...
356
VMScore
CVE-2021-2303
Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is before 2.12.41. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise OSS Supp...
445
VMScore
CVE-2019-13608
Citrix StoreFront Server prior to 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
Citrix Storefront Server
755
VMScore
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same per...
Vuze Bittorrent Client 5.7.6.0
1 EDB exploit
215
VMScore
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Fspro Event Log Explorer 4.6.1.2115
1 EDB exploit
685
VMScore
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote malicious users to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka ...
Sap Business One 1.2.3
1 EDB exploit
383
VMScore
CVE-2022-0221
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a re...
Schneider-electric Scadapack Workbench
355
VMScore
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and previous versions allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an ...
Openbravo Openbravo Erp 2.50
Openbravo Openbravo Erp
Openbravo Openbravo Erp 2.40
1 EDB exploit
NA
CVE-2022-45121
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
NA
CVE-2022-41696
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »