Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote malicious users to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Shindig 2.5.0
1 EDB exploit
7.5
CVSSv2
CVE-2018-10653
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Citrix Xenmobile Server 10.8
Citrix Xenmobile Server 10.7
NA
CVE-2023-6792
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Paloaltonetworks Pan-os
6.4
CVSSv2
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
NA
CVE-2022-45876
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase
4
CVSSv2
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can ...
Hp Airwave
1 EDB exploit
4.3
CVSSv2
CVE-2016-8527
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative ...
Hp Airwave
1 EDB exploit
6
CVSSv2
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execu...
Cisco Evolved Programmable Network Manager 1.2.0
Cisco Evolved Programmable Network Manager 1.2.300
Cisco Evolved Programmable Network Manager 2.0.0
Cisco Prime Infrastructure 3.1
Cisco Evolved Programmable Network Manager 1.2.200
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 1.3.0.20
Cisco Prime Infrastructure 1.2.1
Cisco Prime Infrastructure 1.4.0.45
Cisco Prime Infrastructure 3.1\\(0.128\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.1\\(4.0\\)
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 1.2
Cisco Prime Infrastructure 2.2\\(2\\)
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.2.0.103
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 2.2\\(3\\)
Cisco Prime Infrastructure 3.0
Cisco Evolved Programmable Network Manager 2.0\\(4.0.45d\\)
Cisco Evolved Programmable Network Manager 1.2.500
6.4
CVSSv2
CVE-2015-1833
XML external entity (XXE) vulnerability in Apache Jackrabbit prior to 2.0.6, 2.2.x prior to 2.2.14, 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.1, and 2.10.x prior to 2.10.1 allows remote malicious users to read arbitrary files and send requests to intranet ser...
Apache Jackrabbit 2.2.10
Apache Jackrabbit 2.2.9
Apache Jackrabbit 2.2.0
Apache Jackrabbit 2.4.5
Apache Jackrabbit 2.6.4
Apache Jackrabbit 2.6.3
Apache Jackrabbit
Apache Jackrabbit 2.2.13
Apache Jackrabbit 2.2.5
Apache Jackrabbit 2.2.4
Apache Jackrabbit 2.4.2
Apache Jackrabbit 2.4.1
Apache Jackrabbit 2.8.0
Apache Jackrabbit 2.10.0
Apache Jackrabbit 2.2.12
Apache Jackrabbit 2.2.11
Apache Jackrabbit 2.2.2
Apache Jackrabbit 2.2.1
Apache Jackrabbit 2.4.0
Apache Jackrabbit 2.6.5
Apache Jackrabbit 2.2.8
Apache Jackrabbit 2.2.7
1 EDB exploit
4 Github repositories
9
CVSSv2
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PA...
Paloaltonetworks Pan-os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »