Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2016-6408
Cisco Prime Home 5.2.0 allows remote malicious users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.
Cisco Prime Home 5.2.0
445
VMScore
CVE-2021-2400
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 11.1.1.9.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 5.5.0.0.0
445
VMScore
CVE-2021-2401
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 11.1.1.9.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 5.5.0.0.0
NA
CVE-2022-46300
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
645
VMScore
CVE-2019-2616
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker...
Oracle Business Intelligence Publisher 11.1.1.9.0
Oracle Business Intelligence Publisher 12.2.1.3.0
Oracle Business Intelligence Publisher 12.2.1.4.0
1 EDB exploit
383
VMScore
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
755
VMScore
CVE-2014-0030
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Apache Roller 4.0.1
Apache Roller 3.1
Apache Roller 4.0
Apache Roller 5.0
Apache Roller 5.0.1
Apache Roller 5.0.2
1 EDB exploit
690
VMScore
CVE-2015-5161
The Zend_Xml_Security::scan in ZendXml prior to 1.0.1 and Zend Framework prior to 1.12.14, 2.x prior to 2.4.6, and 2.5.x prior to 2.5.2, when running under PHP-FPM in a threaded environment, allows remote malicious users to bypass security checks and conduct XML external entity (...
Zend Zend Framework 2.2.4
Zend Zend Framework 1.10.6
Zend Zend Framework 2.3.0
Zend Zend Framework 1.10.0
Zend Zend Framework 2.0.6
Zend Zend Framework 1.12.12
Zend Zend Framework 2.0.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.11.0
Zend Zend Framework 1.10.3
Zend Zend Framework 2.0.2
Zend Zend Framework 1.11.4
Zend Zend Framework 1.7.4
Zend Zend Framework 2.3.6
Zend Zend Framework 1.7.5
Zend Zend Framework 1.12.11
Zend Zend Framework 1.10.5
Zend Zend Framework 1.11.11
Zend Zend Framework 1.10.8
Zend Zend Framework 1.12.2
Zend Zend Framework 2.0.1
Zend Zend Framework 2.1.0
2 EDB exploits
NA
CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege malicious user to read systems file via XML External Entity Processing.
802
VMScore
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote malicious users to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privil...
Opensuse Open Build Service
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »