Vulmon
xml injection vulnerabilities and exploits
5.5
CVSSv2
CVE-2021-34706
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability ...
Cisco Identity Services Engine 3.1(0.518)
Cisco Identity Services Engine 3.2(0.149)
Cisco Identity Services Engine
NA
CVE-2023-27328
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists wi...
1 Github repository
5.5
CVSSv2
CVE-2021-1530
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote malicious user to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability i...
Cisco Broadworks Messaging Server 22.0
NA
CVE-2014-6033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed...
5.5
CVSSv2
CVE-2014-6032
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Ana...
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 11.0.0
F5 Big-ip Protocol Security Module 10.2.0
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Protocol Security Module 11.2.1
F5 Big-ip Protocol Security Module 11.3.0
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.0.0
F5 Big-ip Protocol Security Module 10.1.0
F5 Big-ip Protocol Security Module 11.1.0
F5 Big-ip Protocol Security Module 11.2.0
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Global Traffic Manager 10.0.0
F5 Big-ip Global Traffic Manager 10.1.0
F5 Big-ip Global Traffic Manager 11.1.0
F5 Big-ip Global Traffic Manager 11.2.0
F5 Big-ip Global Traffic Manager 11.6.0
F5 Big-ip Global Traffic Manager 10.2.2
F5 Big-ip Global Traffic Manager 10.2.3
F5 Big-ip Global Traffic Manager 11.4.1
NA
CVE-2023-20173
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these v...
Cisco Identity Services Engine
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
7.5
CVSSv2
CVE-2017-14759
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able...
Opentext Document Sciences Xpression
NA
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact ...
Cisco Identity Services Engine 3.2
Cisco Identity Services Engine
4.3
CVSSv2
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows malicious users to remotely view local files via a crafted template.xml file.
Blackwave Dive Assistant 8.0
1 EDB exploit
NA
CVE-2023-20174
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these v...
Cisco Identity Services Engine
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2