Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote malicious users to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka ...
Sap Business One 1.2.3
1 EDB exploit
9.8
CVSSv3
CVE-2015-6970
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote malicious users to conduct XML injection attacks via the idstring parameter to rcp.xml.
Boschsecurity Nbn-498 Dinion2x Day\\/night Ip Cameras Firmware 4.54.0026
1 EDB exploit
9.8
CVSSv3
CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus prior to 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
5 Github repositories
5.5
CVSSv3
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attack...
Apache Olingo
6.5
CVSSv3
CVE-2018-19371
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Sdl Web Content Manager 8.5.0
NA
CVE-2006-0272
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a bu...
Oracle Oracle10g Enterprise 10.1.0.4
Oracle Oracle10g Personal 10.1.0.4
Oracle Oracle10g Standard 10.1.0.4
Oracle Oracle9i Standard 9.2.0.7
NA
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
8.8
CVSSv3
CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote malicious user to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entrie...
Cisco Socialminer -
4.3
CVSSv3
CVE-2022-20938
A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to view sensitive information. This vulnerability is due to insufficient validation of the XML syn...
Cisco Firepower Management Center 6.1.0.2
Cisco Firepower Management Center 6.2.0.2
Cisco Firepower Management Center 6.2.1
Cisco Firepower Management Center 6.1.0
Cisco Firepower Management Center 6.2.0
Cisco Firepower Management Center 6.1.0.3
Cisco Firepower Management Center 6.1.0.6
Cisco Firepower Management Center 6.2.2
Cisco Firepower Management Center 6.2.3
Cisco Firepower Management Center 6.2.0.5
Cisco Firepower Management Center 6.2.2.2
Cisco Firepower Management Center 6.1.0.7
Cisco Firepower Management Center 6.3.0
Cisco Firepower Management Center 6.2.2.1
Cisco Firepower Management Center 6.2.3.6
Cisco Firepower Management Center 6.4.0
Cisco Firepower Management Center 6.2.3.1
Cisco Firepower Management Center 6.2.3.2
Cisco Firepower Management Center 6.5.0
Cisco Firepower Management Center 6.2.3.10
Cisco Firepower Management Center 6.6.0.1
Cisco Firepower Management Center 6.6.0
5.5
CVSSv3
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...
Microsoft Sql Server Management Studio 18.0
Microsoft Sql Server Management Studio 17.9
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »