Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-11586
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Searchblox Searchblox 8.6.7
1 EDB exploit
4.3
CVSSv2
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in M...
Modbuspal Project Modbuspal 1.6
1 EDB exploit
4
CVSSv2
CVE-2015-2125
Unspecified vulnerability in HP WebInspect 7.x up to and including 10.4 prior to 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
Hp Webinspect
1 EDB exploit
4.3
CVSSv2
CVE-2017-9095
XXE in Diving Log 6.0 allows malicious users to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
Divinglog Diving Log
1 EDB exploit
7.5
CVSSv2
CVE-2015-7241
XML External Entity (XXE) vulnerability in SAP Netweaver prior to 7.01.
Sap Netweaver
1 EDB exploit
7.5
CVSSv2
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
5.5
CVSSv2
CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Tableau Tableau Server
Tableau Tableau Desktop
Tableau Tableau Reader
Tableau Tableau Public Desktop
1 EDB exploit
4
CVSSv2
CVE-2012-2997
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 up to and including 10.2.4 and 11.0.0 up to and including 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
F5 Big-ip Configuration Utility 10.0.0
F5 Big-ip Configuration Utility 10.2.4
F5 Big-ip Configuration Utility 11.0.0
F5 Big-ip Configuration Utility 11.2.1
1 EDB exploit
6.4
CVSSv2
CVE-2016-4264
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunct...
Adobe Coldfusion
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Cyberark Enterprise Password Vault
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »