Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche
4.3
CVSSv2
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8\\(0.8\\)
4.3
CVSSv2
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8\\(0.8\\)
5.5
CVSSv2
CVE-2016-1358
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) ...
Cisco Prime Infrastructure 3.0
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 3.1
3.5
CVSSv2
CVE-2018-0414
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote malicious user to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsi...
Cisco Secure Access Control Server Solution Engine 5.8
Cisco Secure Access Control Server Solution Engine
6.4
CVSSv2
CVE-2017-3548
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network acc...
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
2 EDB exploits
5
CVSSv2
CVE-2021-2400
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Oracle Bi Publisher 5.5.0.0.0
Oracle Bi Publisher 11.1.1.9.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 12.2.1.4.0
5
CVSSv2
CVE-2021-2401
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 11.1.1.9.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 5.5.0.0.0
5.5
CVSSv2
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote malicious user to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML...
Cisco Firepower Device Manager
NA
CVE-2022-46300
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »