Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrar...
Apache Solr
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
9.1
CVSSv3
CVE-2021-23901
An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an malicious user to interfere with an application...
Apache Nutch
Netapp Snap Creator Framework -
9.1
CVSSv3
CVE-2021-38555
An XML external entity (XXE) injection vulnerability exists in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an malicious user to interfere with an appl...
Apache Any23
5.5
CVSSv3
CVE-2017-0045
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows malicious users to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vul...
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
1 EDB exploit
NA
CVE-2014-3438
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Symantec Endpoint Protection Manager 12.1.1
Symantec Endpoint Protection Manager 12.1.2
Symantec Endpoint Protection Manager 12.1.3
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager 12.1.0
1 EDB exploit
NA
CVE-2014-3437
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, rel...
Symantec Endpoint Protection Manager 12.1.1
Symantec Endpoint Protection Manager 12.1.2
Symantec Endpoint Protection Manager 12.1.0
Symantec Endpoint Protection Manager 12.1.3
Symantec Endpoint Protection Manager
1 EDB exploit
NA
CVE-2014-3439
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote malicious users to write to arbitrary files via unspecified vectors.
Symantec Endpoint Protection Manager 12.1.0
Symantec Endpoint Protection Manager 12.1.3
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager 12.1.1
Symantec Endpoint Protection Manager 12.1.2
1 EDB exploit
NA
CVE-2011-1940
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x prior to 3.3.10.1 and 3.4.x prior to 3.4.1 allow remote malicious users to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1)...
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.4.0.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
Phpmyadmin Phpmyadmin 3.3.9.0
Phpmyadmin Phpmyadmin 3.3.5.1
Phpmyadmin Phpmyadmin 3.3.9.1
Phpmyadmin Phpmyadmin 3.3.8
NA
CVE-2011-3181
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x prior to 3.3.10.4 and 3.4.x prior to 3.4.4 allow remote malicious users to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.9.1
Phpmyadmin Phpmyadmin 3.3.5.1
Phpmyadmin Phpmyadmin 3.3.2.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.9.0
Phpmyadmin Phpmyadmin 3.3.8
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.10.2
Phpmyadmin Phpmyadmin 3.3.10.3
Phpmyadmin Phpmyadmin 3.4.3.1
Phpmyadmin Phpmyadmin 3.4.0.0
Phpmyadmin Phpmyadmin 3.4.3.0
Phpmyadmin Phpmyadmin 3.4.1.0
NA
CVE-2011-2642
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin prior to 3.3.10.3 and 3.4.x prior to 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »