Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows malicious users to remotely view local files via a crafted template.xml file.
Blackwave Dive Assistant 8.0
1 EDB exploit
405
VMScore
CVE-2013-4034
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity re...
Ibm Cognos Business Intelligence 10.2.1
Ibm Cognos Business Intelligence 10.2
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.2.1.1
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 8.4.1
1 EDB exploit
605
VMScore
CVE-2016-9487
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary reque...
W3 Epubcheck 4.0.1
668
VMScore
CVE-2015-0581
The XML parser in Cisco Prime Service Catalog prior to 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading p...
Cisco Prime Service Catalog
NA
CVE-2022-45876
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase
215
VMScore
CVE-2019-2861
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion P...
Oracle Hyperion Planning 11.1.2.4
1 EDB exploit
NA
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
Ivanti Avalanche
NA
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche
383
VMScore
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8(0.8)
383
VMScore
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8(0.8)
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »