Vulmon
xml injection vulnerabilities and exploits
VMScore: 785
CVE-2015-3000
SysAid Help Desk prior to 15.2 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expan...
Sysaid Sysaid
1 EDB exploit
VMScore: 775
CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and previous versions (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and previous versions, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6)...
Php Xml Rpc
Gggeek Phpxmlrpc
Drupal Drupal
Tiki Tikiwiki Cms/groupware
Debian Debian Linux 3.1
5 EDB exploits
VMScore: 760
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
VMScore: 760
CVE-2006-1032
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and previous versions, as used by runcms, exoops, and possibly other programs, allows remote malicious users to execute arbitrary PHP code via the base64 tag.
Phprpc Phprpc 0.8
Phprpc Phprpc 0.9
Phprpc Phprpc 0.7
2 EDB exploits
VMScore: 760
CVE-2005-2113
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and previous versions allows remote malicious users to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost ...
Xoops Xoops 2.0.5.1
Xoops Xoops 2.0.2
Xoops Xoops 2.0.5.2
Xoops Xoops 2.0.9.2
Xoops Xoops 2.0.7
Xoops Xoops 2.0.3
Xoops Xoops 2.0.9
Xoops Xoops 2.0.4
Xoops Xoops 2.0.1
Xoops Xoops 2.0.10
Xoops Xoops 2.0.11
Xoops Xoops 2.0
Xoops Xoops 2.0.5
Xoops Xoops 2.0.9.3
Xoops Xoops 2.0.6
2 EDB exploits
VMScore: 757
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories
VMScore: 756
CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all availab...
Ibm Curam Social Program Management 5.2
Ibm Curam Social Program Management 6.0
Ibm Curam Social Program Management 6.0.0
Ibm Curam Social Program Management 6.0.4.3
Ibm Curam Social Program Management 6.0.4.8
Ibm Curam Social Program Management 6.0.4.2
Ibm Curam Social Program Management 6.0.4.0
Ibm Curam Social Program Management 6.0.4.1
Ibm Curam Social Program Management 6.0.4.7
Ibm Curam Social Program Management 6.0.4.6
Ibm Curam Social Program Management 6.0.4.4
Ibm Curam Social Program Management 6.0.4.5
Ibm Curam Social Program Management 6.0.5.8
Ibm Curam Social Program Management 6.0.5.9
Ibm Curam Social Program Management 6.0.5.7
Ibm Curam Social Program Management 6.0.5.6
Ibm Curam Social Program Management 6.0.5
Ibm Curam Social Program Management 6.0.5.0
Ibm Curam Social Program Management 6.0.5.3
Ibm Curam Social Program Management 6.0.5.2
Ibm Curam Social Program Management 6.0.5.4
Ibm Curam Social Program Management 6.0.5.5
VMScore: 756
CVE-2016-9706
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informatio...
Ibm Websphere Message Broker 8.0
Ibm Integration Bus 10.0
Ibm Integration Bus 9.0
VMScore: 755
CVE-2015-6970
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote malicious users to conduct XML injection attacks via the idstring parameter to rcp.xml.
Boschsecurity Nbn-498 Dinion2x Day/night Ip Cameras Firmware 4.54.0026
1 EDB exploit
VMScore: 755
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Cyberark Enterprise Password Vault
1 EDB exploit