Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche
3.3
CVSSv3
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8(0.8)
7.5
CVSSv3
CVE-2012-4399
The Xml class in CakePHP 2.1.x prior to 2.1.5 and 2.2.x prior to 2.2.1 allows remote malicious users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Cakefoundation Cakephp
1 EDB exploit
6.5
CVSSv3
CVE-2017-3548
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network acc...
Oracle Peoplesoft Enterprise Peopletools 8.54
Oracle Peoplesoft Enterprise Peopletools 8.55
2 EDB exploits
7.5
CVSSv3
CVE-2024-1167
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
Seweurodrive Movitools Motionstudio 6.5.0.2
NA
CVE-2023-42035
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not req...
7.5
CVSSv3
CVE-2022-21346
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 5.5.0.0.0
5.4
CVSSv3
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote malicious user to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML...
Cisco Firepower Device Manager
7.5
CVSSv3
CVE-2023-22274
Adobe RoboHelp Server versions 11.4 and previous versions are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require...
Adobe Robohelp Server
7.7
CVSSv3
CVE-2016-3473
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
Oracle Business Intelligence Publisher 11.1.1.9.0
Oracle Business Intelligence Publisher 11.1.1.7.0
Oracle Business Intelligence Publisher 12.2.1.0.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »