Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51605
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required t...
4.9
CVSSv3
CVE-2021-2303
Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is before 2.12.41. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise OSS Supp...
Oracle Oss Support Tools
NA
CVE-2023-44412
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerabili...
3.3
CVSSv3
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Fspro Event Log Explorer 4.6.1.2115
1 EDB exploit
9.6
CVSSv3
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote malicious users to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka ...
Sap Business One 1.2.3
1 EDB exploit
5.5
CVSSv3
CVE-2022-0221
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a re...
Schneider-electric Scadapack Workbench
NA
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and previous versions allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an ...
Openbravo Openbravo Erp 2.50
Openbravo Openbravo Erp
Openbravo Openbravo Erp 2.40
1 EDB exploit
NA
CVE-2015-3623
XML external entity (XXE) vulnerability in QlikTech Qlikview prior to 11.20 SR12 allows remote malicious users to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
Qlik Qlikview
1 EDB exploit
5.5
CVSSv3
CVE-2022-41696
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
6.5
CVSSv3
CVE-2016-3542
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.
Oracle Knowledge Management 12.1.3
Oracle Knowledge Management 12.2.5
Oracle Knowledge Management 12.2.4
Oracle Knowledge Management 12.2.3
Oracle Knowledge Management 12.1.2
Oracle Knowledge Management 12.1.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »