Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2020-7032
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 up to and includin...
Avaya Aura System Manager
Avaya Weblm
5
CVSSv2
CVE-2009-5135
The Java XML parser in Echo prior to 2.1.1 and 3.x prior to 3.0.b6 allows remote malicious users to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Nextapp Echo 2.1.0
Nextapp Echo 2.0
Nextapp Echo
Nextapp Echo 2.0.1
Nextapp Echo 3.0
1 EDB exploit
NA
CVE-2022-20938
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to view sensitive information. This vulnerability is due to insufficient validation of the XML syn...
Cisco Firepower Management Center 6.1.0.2
Cisco Firepower Management Center 6.2.0.2
Cisco Firepower Management Center 6.2.1
Cisco Firepower Management Center 6.1.0
Cisco Firepower Management Center 6.2.0
Cisco Firepower Management Center 6.1.0.3
Cisco Firepower Management Center 6.1.0.6
Cisco Firepower Management Center 6.2.2
Cisco Firepower Management Center 6.2.3
Cisco Firepower Management Center 6.2.0.5
Cisco Firepower Management Center 6.2.2.2
Cisco Firepower Management Center 6.1.0.7
Cisco Firepower Management Center 6.3.0
Cisco Firepower Management Center 6.2.2.1
Cisco Firepower Management Center 6.2.3.6
Cisco Firepower Management Center 6.4.0
Cisco Firepower Management Center 6.2.3.1
Cisco Firepower Management Center 6.2.3.2
Cisco Firepower Management Center 6.5.0
Cisco Firepower Management Center 6.2.3.10
Cisco Firepower Management Center 6.6.0.1
Cisco Firepower Management Center 6.6.0
5
CVSSv2
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
7.5
CVSSv2
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus prior to 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
5 Github repositories
6.8
CVSSv2
CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entrie...
Cisco Socialminer -
4.3
CVSSv2
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
4
CVSSv2
CVE-2018-19371
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Sdl Web Content Manager 8.5.0
9
CVSSv2
CVE-2006-0272
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a bu...
Oracle Oracle10g Enterprise 10.1.0.4
Oracle Oracle10g Personal 10.1.0.4
Oracle Oracle10g Standard 10.1.0.4
Oracle Oracle9i Standard 9.2.0.7
4.3
CVSSv2
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »