Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-4312
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forg...
Wso2 Identity Server 5.1.0
1 EDB exploit
NA
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote malicious users to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Shindig 2.5.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-10653
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Citrix Xenmobile Server 10.8
Citrix Xenmobile Server 10.7
6.3
CVSSv3
CVE-2023-6792
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Paloaltonetworks Pan-os
6.5
CVSSv3
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2022-45876
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase
6.1
CVSSv3
CVE-2016-8527
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative ...
Hp Airwave
1 EDB exploit
8.8
CVSSv3
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can ...
Hp Airwave
1 EDB exploit
8
CVSSv3
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execu...
Cisco Evolved Programmable Network Manager 1.2.0
Cisco Evolved Programmable Network Manager 1.2.300
Cisco Evolved Programmable Network Manager 2.0.0
Cisco Prime Infrastructure 3.1
Cisco Evolved Programmable Network Manager 1.2.200
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 1.3.0.20
Cisco Prime Infrastructure 1.2.1
Cisco Prime Infrastructure 1.4.0.45
Cisco Prime Infrastructure 3.1\\(0.128\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.1\\(4.0\\)
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 1.2
Cisco Prime Infrastructure 2.2\\(2\\)
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.2.0.103
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 2.2\\(3\\)
Cisco Prime Infrastructure 3.0
Cisco Evolved Programmable Network Manager 2.0\\(4.0.45d\\)
Cisco Evolved Programmable Network Manager 1.2.500
NA
CVE-2015-1833
XML external entity (XXE) vulnerability in Apache Jackrabbit prior to 2.0.6, 2.2.x prior to 2.2.14, 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.1, and 2.10.x prior to 2.10.1 allows remote malicious users to read arbitrary files and send requests to intranet ser...
Apache Jackrabbit 2.2.10
Apache Jackrabbit 2.2.9
Apache Jackrabbit 2.2.0
Apache Jackrabbit 2.4.5
Apache Jackrabbit 2.6.4
Apache Jackrabbit 2.6.3
Apache Jackrabbit
Apache Jackrabbit 2.2.13
Apache Jackrabbit 2.2.5
Apache Jackrabbit 2.2.4
Apache Jackrabbit 2.4.2
Apache Jackrabbit 2.4.1
Apache Jackrabbit 2.8.0
Apache Jackrabbit 2.10.0
Apache Jackrabbit 2.2.12
Apache Jackrabbit 2.2.11
Apache Jackrabbit 2.2.2
Apache Jackrabbit 2.2.1
Apache Jackrabbit 2.4.0
Apache Jackrabbit 2.6.5
Apache Jackrabbit 2.2.8
Apache Jackrabbit 2.2.7
1 EDB exploit
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »