Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-9231
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x prior to 10.5 RP3 allows malicious users to obtain sensitive information via unspecified vectors.
Citrix Xenmobile Server 10.3.6
Citrix Xenmobile Server 10.4
Citrix Xenmobile Server 10.0
Citrix Xenmobile Server 10.1
Citrix Xenmobile Server 10.3
Citrix Xenmobile Server 10.3.5
Citrix Xenmobile Server 10.5
Citrix Xenmobile Server 9.0
4
CVSSv2
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can ...
Hp Airwave
1 EDB exploit
6.4
CVSSv2
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
4
CVSSv2
CVE-2017-15639
tasks/feed/readRSS.cfm in Mura CMS prior to 6.2 allows malicious users to bypass intended access restrictions by leveraging the "draggable feeds" feature.
Getmura Mura Cms
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2013-1915
ModSecurity prior to 2.7.3 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External ...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
Debian Debian Linux 6.0
Debian Debian Linux 7.0
5
CVSSv2
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
6.8
CVSSv2
CVE-2016-10127
PySAML2 allows remote malicious users to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Pysaml2 Project Pysaml2 -
4
CVSSv2
CVE-2017-15691
In Apache uimaj before 2.10.2, Apache uimaj 3.0.0-xxx before 3.0.0-beta, Apache uima-as before 2.10.2, Apache uimaFIT before 2.4.0, Apache uimaDUCC before 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part o...
Apache Uimaj
Apache Uimaj 3.0.0
Apache Uima-as
Apache Uimafit
Apache Uimaducc
6
CVSSv2
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execu...
Cisco Evolved Programmable Network Manager 1.2.0
Cisco Evolved Programmable Network Manager 1.2.300
Cisco Evolved Programmable Network Manager 2.0.0
Cisco Prime Infrastructure 3.1
Cisco Evolved Programmable Network Manager 1.2.200
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 1.3.0.20
Cisco Prime Infrastructure 1.2.1
Cisco Prime Infrastructure 1.4.0.45
Cisco Prime Infrastructure 3.1\\(0.128\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.1\\(4.0\\)
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 1.2
Cisco Prime Infrastructure 2.2\\(2\\)
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.2.0.103
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 2.2\\(3\\)
Cisco Prime Infrastructure 3.0
Cisco Evolved Programmable Network Manager 2.0\\(4.0.45d\\)
Cisco Evolved Programmable Network Manager 1.2.500
5.5
CVSSv2
CVE-2017-6698
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote malicious user to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka...
Cisco Prime Infrastructure 2.0\\(4.0.45b\\)
Cisco Prime Infrastructure 3.1\\(1\\)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »