Vulmon
XML external entity vulnerabilities and exploits
7.4
CVSSv3
CVE-2017-9355
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Subsonic Subsonic 6.1.1
1 EDB exploit
5.5
CVSSv3
CVE-2018-10832
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in M...
Modbuspal Project Modbuspal 1.6
1 EDB exploit
NA
CVE-2015-2125
Unspecified vulnerability in HP WebInspect 7.x up to and including 10.4 prior to 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
Hp Webinspect
1 EDB exploit
5.5
CVSSv3
CVE-2017-9095
XXE in Diving Log 6.0 allows malicious users to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
Divinglog Diving Log
1 EDB exploit
9.8
CVSSv3
CVE-2015-7241
XML External Entity (XXE) vulnerability in SAP Netweaver prior to 7.01.
Sap Netweaver
1 EDB exploit
10
CVSSv3
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
8.1
CVSSv3
CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Tableau Tableau Server
Tableau Tableau Desktop
Tableau Tableau Reader
Tableau Tableau Public Desktop
1 EDB exploit
NA
CVE-2012-2997
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 up to and including 10.2.4 and 11.0.0 up to and including 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
F5 Big-ip Configuration Utility 10.0.0
F5 Big-ip Configuration Utility 10.2.4
F5 Big-ip Configuration Utility 11.0.0
F5 Big-ip Configuration Utility 11.2.1
1 EDB exploit
8.6
CVSSv3
CVE-2016-4264
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunct...
Adobe Coldfusion
1 EDB exploit
2 Github repositories
9.8
CVSSv3
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Cyberark Enterprise Password Vault
1 EDB exploit