Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml injection vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2016-4311
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote malicious users to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
Wso2 Identity Server 5.1.0
1 EDB exploit
NA
CVE-2023-6792
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Paloaltonetworks Pan-os
668
VMScore
CVE-2018-10653
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Citrix Xenmobile Server 10.8
Citrix Xenmobile Server 10.7
570
VMScore
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
NA
CVE-2022-45876
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase
405
VMScore
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can ...
Hp Airwave
1 EDB exploit
435
VMScore
CVE-2016-8527
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative ...
Hp Airwave
1 EDB exploit
534
VMScore
CVE-2017-6662
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execu...
Cisco Evolved Programmable Network Manager 1.2.0
Cisco Evolved Programmable Network Manager 1.2.300
Cisco Evolved Programmable Network Manager 2.0.0
Cisco Prime Infrastructure 3.1
Cisco Evolved Programmable Network Manager 1.2.200
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 1.3.0.20
Cisco Prime Infrastructure 1.2.1
Cisco Prime Infrastructure 1.4.0.45
Cisco Prime Infrastructure 3.1\\(0.128\\)
Cisco Prime Infrastructure 3.2\\(0.0\\)
Cisco Prime Infrastructure 3.1\\(4.0\\)
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 1.2
Cisco Prime Infrastructure 2.2\\(2\\)
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.2.0.103
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 2.2\\(3\\)
Cisco Prime Infrastructure 3.0
Cisco Evolved Programmable Network Manager 2.0\\(4.0.45d\\)
Cisco Evolved Programmable Network Manager 1.2.500
801
VMScore
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PA...
Paloaltonetworks Pan-os
646
VMScore
CVE-2015-1833
XML external entity (XXE) vulnerability in Apache Jackrabbit prior to 2.0.6, 2.2.x prior to 2.2.14, 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.1, and 2.10.x prior to 2.10.1 allows remote malicious users to read arbitrary files and send requests to intranet ser...
Apache Jackrabbit 2.2.10
Apache Jackrabbit 2.2.9
Apache Jackrabbit 2.2.0
Apache Jackrabbit 2.4.5
Apache Jackrabbit 2.6.4
Apache Jackrabbit 2.6.3
Apache Jackrabbit
Apache Jackrabbit 2.2.13
Apache Jackrabbit 2.2.5
Apache Jackrabbit 2.2.4
Apache Jackrabbit 2.4.2
Apache Jackrabbit 2.4.1
Apache Jackrabbit 2.8.0
Apache Jackrabbit 2.10.0
Apache Jackrabbit 2.2.12
Apache Jackrabbit 2.2.11
Apache Jackrabbit 2.2.2
Apache Jackrabbit 2.2.1
Apache Jackrabbit 2.4.0
Apache Jackrabbit 2.6.5
Apache Jackrabbit 2.2.8
Apache Jackrabbit 2.2.7
1 EDB exploit
4 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »