xml external entity vulnerabilities and exploits

(subscribe to this query)

6.4

CVSSv2

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability...

Ibm Sterling External Authentication Server 2.4.2.0 Ibm Sterling External Authentication Server 2.4.3.2 Ibm Sterling External Authentication Server 6.0.0.0 Ibm Sterling External Authentication Server 6.0.1.0 Ibm Sterling Secure Proxy 3.4.2.0 Ibm Sterling Secure Proxy 3.4.3.0 Ibm Sterling Secure Proxy 6.0.0.0 Ibm Sterling Secure Proxy 6.0.1.0

5.5

CVSSv2

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload....

Edit-xml Easy Xml Editor

5

CVSSv2

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file....

Galen Charlton Marc-xml Galen Charlton Marc-xml 1.0

9.3

CVSSv2

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference....

Invensys Wonderware Win-xml Exporter 1522.148.0.0

6.4

CVSSv2

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting....

Xmltwig Xml-twig For Perl -

7.5

CVSSv2

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors....

Fedoraproject Fedora 24 Fasterxml Jackson-dataformat-xml6 Github repositories available

9.3

CVSSv2

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD....

Apache Xml-rpc 3.1.3

7.5

CVSSv2

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This...

Sas Xml Mapper 9.45 Sas Base Sas 9.4

5

CVSSv2

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function....

Xml-libxml Project Xml-libxml Debian Debian Linux 7.0 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.10 Debian Debian Linux 8.0 Fedoraproject Fedora 21 Fedoraproject Fedora 20 Opensuse Opensuse 13.2 Opensuse Opensuse 13.1

6.4

CVSSv2

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....

Apache Solr 3.6.1 Apache Solr 3.6.0 Apache Solr 4.0.0 Apache Solr 3.6.2 Apache Solr1 Github repository available

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook